build_and_test:
runs-on: ubuntu-latest
env:
- configure_flags: --enable-ipxcp --enable-multilink --enable-systemd
+ configure_flags: --enable-multilink --enable-systemd
steps:
- uses: actions/checkout@v2
AC_PREREQ([2.69])
AC_INIT([ppp],
- [2.4.10-dev],
+ [2.5.0],
[https://github.com/ppp-project/ppp])
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
crypt.h \
paths.h \
shadow.h \
+ stddef.h \
+ stdarg.h \
sys/dlpi.h \
sys/ioctl.h \
sys/socket.h \
dist_man8_MANS = pppd.8
check_PROGRAMS =
-utest_chap_SOURCES = chap_ms.c utils.c pppcrypt.c
+utest_chap_SOURCES = chap_ms.c utils.c crypto_ms.c
utest_chap_CPPFLAGS = -DUNIT_TEST
utest_chap_LDFLAGS =
utest_peap_CPPFLAGS = -DUNIT_TEST
utest_peap_LDFLAGS =
-utest_crypto_SOURCES = ppp-crypto.c
+utest_crypto_SOURCES = crypto.c
utest_crypto_CPPFLAGS = -DUNIT_TEST
utest_crypto_LDFLAGS =
-utest_pppcrypt_SOURCES = pppcrypt.c
-utest_pppcrypt_CPPFLAGS = -DUNIT_TEST_PPPCRYPT
+utest_pppcrypt_SOURCES = crypto_ms.c
+utest_pppcrypt_CPPFLAGS = -DUNIT_TEST_MSCRYPTO
utest_pppcrypt_LDFLAGS =
check_PROGRAMS += utest_crypto
pppd_include_HEADERS = \
cbcp.h \
ccp.h \
- chap-md5.h \
+ chap.h \
chap_ms.h \
- chap-new.h \
+ crypto.h \
+ crypto_ms.h \
eap.h \
- eap-tls.h \
ecp.h \
eui64.h \
fsm.h \
lcp.h \
magic.h \
mppe.h \
- pathnames.h \
- peap.h \
+ multilink.h \
pppd.h \
+ options.h \
pppdconf.h \
- pppcrypt.h \
- ppp-crypto.h \
- ppp-crypto-priv.h \
session.h \
+ upap.h
+
+# Headers to be distributed, but not installed in /usr/include/pppd
+noinst_HEADERS = \
+ chap-md5.h \
+ crypto-priv.h \
+ eap-tls.h \
+ pathnames.h \
+ peap.h \
+ pppd-private.h \
spinlock.h \
tls.h \
- tdb.h \
- upap.h
+ tdb.h
pppd_SOURCES = \
auth.c \
ccp.c \
chap-md5.c \
- chap-new.c \
+ chap.c \
demand.c \
eap.c \
ecp.c \
pppd_LIBS =
if LINUX
-pppd_SOURCES += sys-linux.c termios_linux.h
+pppd_SOURCES += sys-linux.c
+noinst_HEADERS += termios_linux.h
pppd_LIBS += $(CRYPT_LIBS) $(UTIL_LIBS)
endif
endif
if PPP_WITH_CHAPMS
-pppd_SOURCES += chap_ms.c pppcrypt.c
+pppd_SOURCES += chap_ms.c crypto_ms.c
check_PROGRAMS += utest_chap
check_PROGRAMS += utest_pppcrypt
else
if WITH_SRP
-pppd_SOURCES += pppcrypt.c
+pppd_SOURCES += crypto_ms.c
check_PROGRAMS += utest_pppcrypt
endif
endif
check_PROGRAMS += utest_peap
endif
-noinst_LTLIBRARIES = libppp_crypt.la
-libppp_crypt_la_SOURCES=ppp-crypto.c ppp-md5.c ppp-md4.c ppp-sha1.c ppp-des.c
+noinst_LTLIBRARIES = libppp_crypto.la
+libppp_crypto_la_SOURCES=crypto.c ppp-md5.c ppp-md4.c ppp-sha1.c ppp-des.c
if PPP_WITH_OPENSSL
-libppp_crypt_la_CPPFLAGS=$(OPENSSL_INCLUDES)
-libppp_crypt_la_LDFLAGS=$(OPENSSL_LDFLAGS)
-libppp_crypt_la_LIBADD=$(OPENSSL_LIBS)
+libppp_crypto_la_CPPFLAGS=$(OPENSSL_INCLUDES)
+libppp_crypto_la_LDFLAGS=$(OPENSSL_LDFLAGS)
+libppp_crypto_la_LIBADD=$(OPENSSL_LIBS)
endif
-utest_peap_LDADD = libppp_crypt.la
-utest_chap_LDADD = libppp_crypt.la
-utest_crypto_LDADD = libppp_crypt.la
-utest_pppcrypt_LDADD = libppp_crypt.la
+utest_peap_LDADD = libppp_crypto.la
+utest_chap_LDADD = libppp_crypto.la
+utest_crypto_LDADD = libppp_crypto.la
+utest_pppcrypt_LDADD = libppp_crypto.la
-pppd_LIBS += libppp_crypt.la
+pppd_LIBS += libppp_crypto.la
if WITH_SYSTEMD
pppd_CPPFLAGS += $(SYSTEMD_CFLAGS)
#include <systemd/sd-daemon.h>
#endif
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "lcp.h"
#include "ccp.h"
#include "ecp.h"
#include "ipcp.h"
#include "upap.h"
-#include "chap-new.h"
+#include "chap.h"
#include "eap.h"
#ifdef PPP_WITH_EAPTLS
#include "eap-tls.h"
#ifdef PPP_WITH_CBCP
#include "cbcp.h"
#endif
+#include "multilink.h"
#include "pathnames.h"
#include "session.h"
int (*idle_time_hook)(struct ppp_idle *) = NULL;
/* Hook for a plugin to say whether we can possibly authenticate any peer */
-int (*pap_check_hook)(void) = NULL;
+pap_check_hook_fn *pap_check_hook = NULL;
/* Hook for a plugin to check the PAP user and password */
-int (*pap_auth_hook)(char *user, char *passwd, char **msgp,
- struct wordlist **paddrs,
- struct wordlist **popts) = NULL;
+pap_auth_hook_fn *pap_auth_hook = NULL;
/* Hook for a plugin to know about the PAP user logout */
-void (*pap_logout_hook)(void) = NULL;
+pap_logout_hook_fn *pap_logout_hook = NULL;
/* Hook for a plugin to get the PAP password for authenticating us */
-int (*pap_passwd_hook)(char *user, char *passwd) = NULL;
+pap_passwd_hook_fn *pap_passwd_hook = NULL;
/* Hook for a plugin to say if we can possibly authenticate a peer using CHAP */
-int (*chap_check_hook)(void) = NULL;
+chap_check_hook_fn *chap_check_hook = NULL;
/* Hook for a plugin to get the CHAP password for authenticating us */
-int (*chap_passwd_hook)(char *user, char *passwd) = NULL;
+chap_passwd_hook_fn *chap_passwd_hook = NULL;
#ifdef PPP_WITH_EAPTLS
/* Hook for a plugin to get the EAP-TLS password for authenticating us */
-int (*eaptls_passwd_hook)(char *user, char *passwd) = NULL;
+eaptls_passwd_hook_fn *eaptls_passwd_hook = NULL;
#endif
/* Hook for a plugin to say whether it is OK if the peer
int (*allowed_address_hook)(u_int32_t addr) = NULL;
-#ifdef PPP_WITH_MULTILINK
-/* Hook for plugin to hear when an interface joins a multilink bundle */
-void (*multilink_join_hook)(void) = NULL;
-#endif
-
/* A notifier for when the peer has authenticated itself,
and we are proceeding to the network phase. */
struct notifier *auth_up_notifier = NULL;
/*
* Authentication-related options.
*/
-option_t auth_options[] = {
+struct option auth_options[] = {
{ "auth", o_bool, &auth_required,
"Require authentication from peer", OPT_PRIO | 1 },
{ "noauth", o_bool, &auth_required,
{ NULL }
};
+const char *
+ppp_remote_name()
+{
+ return remote_name;
+}
+
+const char *
+ppp_get_remote_number(void)
+{
+ return remote_number;
+}
+
+void
+ppp_set_remote_number(const char *buf)
+{
+ if (buf) {
+ strlcpy(remote_number, buf, sizeof(remote_number));
+ }
+}
+
+const char *
+ppp_peer_authname(char *buf, size_t bufsz)
+{
+ if (buf && bufsz > 0) {
+ strlcpy(buf, peer_authname, bufsz);
+ return buf;
+ }
+ return peer_authname;
+}
+
/*
* setupapfile - specifies UPAP info for authenticating with peer.
*/
novm("+ua file name");
euid = geteuid();
if (seteuid(getuid()) == -1) {
- option_error("unable to reset uid before opening %s: %m", fname);
+ ppp_option_error("unable to reset uid before opening %s: %m", fname);
free(fname);
return 0;
}
if (seteuid(euid) == -1)
fatal("unable to regain privileges: %m");
if (ufile == NULL) {
- option_error("unable to open user login data file %s", fname);
+ ppp_option_error("unable to open user login data file %s", fname);
free(fname);
return 0;
}
if (fgets(u, MAXNAMELEN - 1, ufile) == NULL
|| fgets(p, MAXSECRETLEN - 1, ufile) == NULL) {
fclose(ufile);
- option_error("unable to read user login data file %s", fname);
+ ppp_option_error("unable to read user login data file %s", fname);
free(fname);
return 0;
}
g = getgrnam(*argv);
if (g == 0) {
- option_error("group %s is unknown", *argv);
+ ppp_option_error("group %s is unknown", *argv);
return 0;
}
for (i = 0; i < ngroups; ++i) {
*/
void start_link(int unit)
{
- status = EXIT_CONNECT_FAILED;
+ ppp_set_status(EXIT_CONNECT_FAILED);
new_phase(PHASE_SERIALCONN);
hungup = 0;
*/
fd_ppp = the_channel->establish_ppp(devfd);
if (fd_ppp < 0) {
- status = EXIT_FATAL_ERROR;
+ ppp_set_status(EXIT_FATAL_ERROR);
goto disconnect;
}
* incoming events (reply, timeout, etc.).
*/
if (ifunit >= 0)
- notice("Connect: %s <--> %s", ifname, ppp_devnam);
+ notice("Connect: %s <--> %s", ifname, ppp_devname);
else
- notice("Starting negotiation on %s", ppp_devnam);
+ notice("Starting negotiation on %s", ppp_devname);
add_fd(fd_ppp);
- status = EXIT_NEGOTIATION_FAILED;
+ ppp_set_status(EXIT_NEGOTIATION_FAILED);
new_phase(PHASE_ESTABLISH);
lcp_lowerup(0);
void
link_terminated(int unit)
{
- if (phase == PHASE_DEAD || phase == PHASE_MASTER)
+ if (in_phase(PHASE_DEAD) || in_phase(PHASE_MASTER))
return;
new_phase(PHASE_DISCONNECT);
}
session_end(devnam);
- if (!doing_multilink) {
+ if (!mp_on()) {
notice("Connection terminated.");
print_link_stats();
} else
* can happen that another pppd gets the same unit and then
* we delete its pid file.
*/
- if (!doing_multilink && !demand)
+ if (!demand && !mp_on())
remove_pidfiles();
-
/*
* If we may want to bring the link up again, transfer
* the ppp unit back to the loopback. Set the
remove_fd(fd_ppp);
clean_check();
the_channel->disestablish_ppp(devfd);
- if (doing_multilink)
+ if (mp_on())
mp_exit_bundle();
fd_ppp = -1;
}
if (!hungup)
lcp_lowerdown(0);
- if (!doing_multilink && !demand)
- script_unsetenv("IFNAME");
+ if (!mp_on() && !demand)
+ ppp_script_unsetenv("IFNAME");
/*
* Run disconnector script, if requested.
if (the_channel->cleanup)
(*the_channel->cleanup)();
- if (doing_multilink && multilink_master) {
+ if (mp_on() && mp_master()) {
if (!bundle_terminating) {
new_phase(PHASE_MASTER);
if (master_detach && !detached)
notify(link_down_notifier, 0);
auth_state = s_down;
if (auth_script_state == s_up && auth_script_pid == 0) {
- update_link_stats(unit);
+ ppp_get_link_stats(NULL);
auth_script_state = s_down;
auth_script(PPP_PATH_AUTHDOWN);
}
}
- if (!doing_multilink) {
+ if (!mp_on())
+ {
upper_layers_down(unit);
- if (phase != PHASE_DEAD && phase != PHASE_MASTER)
+ if (!in_phase(PHASE_DEAD) && !in_phase(PHASE_MASTER))
new_phase(PHASE_ESTABLISH);
}
/* XXX if doing_multilink, should do something to stop
/*
* Tell higher-level protocols that LCP is up.
*/
- if (!doing_multilink) {
+ if (!mp_on())
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->protocol != PPP_LCP && protp->enabled_flag
&& protp->lowerup != NULL)
(*protp->lowerup)(unit);
- }
-
if (!auth_required && noauth_addrs != NULL)
set_allowed_addrs(unit, NULL, NULL);
set_allowed_addrs(unit, NULL, NULL);
} else if (!wo->neg_upap || uselogin || !null_login(unit)) {
warn("peer refused to authenticate: terminating link");
- status = EXIT_PEER_AUTH_FAILED;
+ ppp_set_status(EXIT_PEER_AUTH_FAILED);
lcp_close(unit, "peer refused to authenticate");
return;
}
if (need_peer_eap && !ao->neg_eap) {
warn("eap required to authenticate us but no suitable secrets");
lcp_close(unit, "couldn't negotiate eap");
- status = EXIT_AUTH_TOPEER_FAILED;
+ ppp_set_status(EXIT_AUTH_TOPEER_FAILED);
return;
}
if (need_peer_eap && !ho->neg_eap) {
warn("peer doesn't want to authenticate us with eap");
lcp_close(unit, "couldn't negotiate eap");
- status = EXIT_PEER_AUTH_FAILED;
+ ppp_set_status(EXIT_PEER_AUTH_FAILED);
return;
}
#endif
/*
* Authentication failure: take the link down
*/
- status = EXIT_PEER_AUTH_FAILED;
+ ppp_set_status(EXIT_PEER_AUTH_FAILED);
lcp_close(unit, "Authentication failed");
}
namelen = sizeof(peer_authname) - 1;
BCOPY(name, peer_authname, namelen);
peer_authname[namelen] = 0;
- script_setenv("PEERNAME", peer_authname, 0);
+ ppp_script_setenv("PEERNAME", peer_authname, 0);
/* Save the authentication method for later. */
auth_done[unit] |= bit;
* is no point in persisting without any way to get updated
* authentication secrets.
*/
- status = EXIT_AUTH_TOPEER_FAILED;
+ ppp_set_status(EXIT_AUTH_TOPEER_FAILED);
lcp_close(unit, "Failed to authenticate ourselves to peer");
}
/*
* At this point we consider that the link has come up successfully.
*/
- status = EXIT_OK;
+ ppp_set_status(EXIT_OK);
unsuccess = 0;
new_phase(PHASE_RUNNING);
if (idle_time_hook != 0)
tlim = (*idle_time_hook)(NULL);
else
- tlim = idle_time_limit;
+ tlim = ppp_get_max_idle_time();
if (tlim > 0)
TIMEOUT(check_idle, NULL, tlim);
* Set a timeout to close the connection once the maximum
* connect time has expired.
*/
- if (maxconnect > 0)
- TIMEOUT(connect_time_expired, 0, maxconnect);
+ if (ppp_get_max_connect_time() > 0)
+ TIMEOUT(connect_time_expired, 0, ppp_get_max_connect_time());
+ /*
+ * Configure a check to see if session has outlived it's limit
+ * in terms of octets
+ */
if (maxoctets > 0)
TIMEOUT(check_maxoctets, NULL, maxoctets_timeout);
}
}
+/*
+ * Periodic callback to check if session has reached its limit. The period defaults
+ * to 1 second and is configurable by setting "mo-timeout" in configuration
+ */
static void
check_maxoctets(void *arg)
{
unsigned int used;
-
- update_link_stats(ifunit);
- link_stats_valid=0;
-
- switch(maxoctets_dir) {
- case PPP_OCTETS_DIRECTION_IN:
- used = link_stats.bytes_in;
- break;
- case PPP_OCTETS_DIRECTION_OUT:
- used = link_stats.bytes_out;
- break;
- case PPP_OCTETS_DIRECTION_MAXOVERAL:
- case PPP_OCTETS_DIRECTION_MAXSESSION:
- used = (link_stats.bytes_in > link_stats.bytes_out) ? link_stats.bytes_in : link_stats.bytes_out;
- break;
- default:
- used = link_stats.bytes_in+link_stats.bytes_out;
- break;
+ ppp_link_stats_st stats;
+
+ if (ppp_get_link_stats(&stats)) {
+ switch(maxoctets_dir) {
+ case PPP_OCTETS_DIRECTION_IN:
+ used = stats.bytes_in;
+ break;
+ case PPP_OCTETS_DIRECTION_OUT:
+ used = stats.bytes_out;
+ break;
+ case PPP_OCTETS_DIRECTION_MAXOVERAL:
+ case PPP_OCTETS_DIRECTION_MAXSESSION:
+ used = (stats.bytes_in > stats.bytes_out)
+ ? stats.bytes_in
+ : stats.bytes_out;
+ break;
+ default:
+ used = stats.bytes_in+stats.bytes_out;
+ break;
+ }
}
+
if (used > maxoctets) {
notice("Traffic limit reached. Limit: %u Used: %u", maxoctets, used);
- status = EXIT_TRAFFIC_LIMIT;
+ ppp_set_status(EXIT_TRAFFIC_LIMIT);
lcp_close(0, "Traffic limit");
+ link_stats_print = 0;
need_holdoff = 0;
} else {
TIMEOUT(check_maxoctets, NULL, maxoctets_timeout);
tlim = idle_time_hook(&idle);
} else {
itime = MIN(idle.xmit_idle, idle.recv_idle);
- tlim = idle_time_limit - itime;
+ tlim = ppp_get_max_idle_time() - itime;
}
if (tlim <= 0) {
/* link is idle: shut it down. */
notice("Terminating connection due to lack of activity.");
- status = EXIT_IDLE_TIMEOUT;
+ ppp_set_status(EXIT_IDLE_TIMEOUT);
lcp_close(0, "Link inactive");
need_holdoff = 0;
} else {
connect_time_expired(void *arg)
{
info("Connect time expired");
- status = EXIT_CONNECT_TIME;
+ ppp_set_status(EXIT_CONNECT_TIME);
lcp_close(0, "Connect time expired"); /* Close connection */
}
/* Default our_name to hostname, and user to our_name */
if (our_name[0] == 0 || usehostname)
- strlcpy(our_name, hostname, sizeof(our_name));
+ strlcpy(our_name, hostname, sizeof(our_name));
+
/* If a blank username was explicitly given as an option, trust
the user and don't use our_name */
if (user[0] == 0 && !explicit_user)
if (auth_required && !can_auth && noauth_addrs == NULL) {
if (default_auth) {
- option_error(
+ ppp_option_error(
"By default the remote system is required to authenticate itself");
- option_error(
+ ppp_option_error(
"(because this system has a default route to the internet)");
} else if (explicit_remote)
- option_error(
+ ppp_option_error(
"The remote system (%s) is required to authenticate itself",
remote_name);
else
- option_error(
+ ppp_option_error(
"The remote system is required to authenticate itself");
- option_error(
+ ppp_option_error(
"but I couldn't find any suitable secret (password) for it to use to do so.");
if (lacks_ip)
- option_error(
+ ppp_option_error(
"(None of the available passwords would let it use an IP address.)");
exit(1);
int ok;
/* don't allow loopback or multicast address */
- if (bad_ip_adrs(addr))
+ if (ppp_bad_ip_addr(addr))
return 0;
if (allowed_address_hook) {
}
/*
- * bad_ip_adrs - return 1 if the IP address is one we don't want
- * to use, such as an address in the loopback net or a multicast address.
- * addr is in network byte order.
+ * Check if given addr in network byte order is in the looback network, or a multicast address.
*/
-int
-bad_ip_adrs(u_int32_t addr)
+bool
+ppp_bad_ip_addr(u_int32_t addr)
{
addr = ntohl(addr);
return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET
#include <sys/types.h>
#include <sys/time.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "cbcp.h"
#include "fsm.h"
#include "lcp.h"
+#include "options.h"
/*
*/
static int setcbcp (char **);
-static option_t cbcp_option_list[] = {
+static struct option cbcp_option_list[] = {
{ "callback", o_special, (void *)setcbcp,
"Ask for callback", OPT_PRIO | OPT_A2STRVAL, &cbcp[0].us_number },
{ NULL }
cbcp_up(cbcp_state *us)
{
persist = 0;
- status = EXIT_CALLBACK;
+ ppp_set_status(EXIT_CALLBACK);
lcp_close(0, "Call me back, please");
}
#include <linux/ppp-comp.h>
#endif
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "ccp.h"
bool refuse_mppe_stateful = 1; /* Allow stateful mode? */
#endif
-static option_t ccp_option_list[] = {
+static struct option ccp_option_list[] = {
{ "noccp", o_bool, &ccp_protent.enabled_flag,
"Disable CCP negotiation" },
{ "-ccp", o_bool, &ccp_protent.enabled_flag,
abits = strtol(str, &endp, 0);
}
if (*endp != 0 || endp == str) {
- option_error("invalid parameter '%s' for bsdcomp option", *argv);
+ ppp_option_error("invalid parameter '%s' for bsdcomp option", *argv);
return 0;
}
if ((rbits != 0 && (rbits < BSD_MIN_BITS || rbits > BSD_MAX_BITS))
|| (abits != 0 && (abits < BSD_MIN_BITS || abits > BSD_MAX_BITS))) {
- option_error("bsdcomp option values must be 0 or %d .. %d",
+ ppp_option_error("bsdcomp option values must be 0 or %d .. %d",
BSD_MIN_BITS, BSD_MAX_BITS);
return 0;
}
abits = strtol(str, &endp, 0);
}
if (*endp != 0 || endp == str) {
- option_error("invalid parameter '%s' for deflate option", *argv);
+ ppp_option_error("invalid parameter '%s' for deflate option", *argv);
return 0;
}
if ((rbits != 0 && (rbits < DEFLATE_MIN_SIZE || rbits > DEFLATE_MAX_SIZE))
|| (abits != 0 && (abits < DEFLATE_MIN_SIZE
|| abits > DEFLATE_MAX_SIZE))) {
- option_error("deflate option values must be 0 or %d .. %d",
+ ppp_option_error("deflate option values must be 0 or %d .. %d",
DEFLATE_MIN_SIZE, DEFLATE_MAX_SIZE);
return 0;
}
* because MPPE frames **grow**. The kernel [must]
* allocate MPPE_PAD extra bytes in xmit buffers.
*/
- mtu = netif_get_mtu(f->unit);
+ mtu = ppp_get_mtu(f->unit);
if (mtu)
- netif_set_mtu(f->unit, mtu - MPPE_PAD);
+ ppp_set_mtu(f->unit, mtu - MPPE_PAD);
else
newret = CONFREJ;
}
bool predictor_2; /* do Predictor-2? */
bool deflate_correct; /* use correct code for deflate? */
bool deflate_draft; /* use draft RFC code for deflate? */
- u_char mppe; /* MPPE bitfield */
- u_short bsd_bits; /* # bits/code for BSD Compress */
- u_short deflate_size; /* lg(window size) for Deflate */
+ unsigned char mppe; /* MPPE bitfield */
+ unsigned short bsd_bits; /* # bits/code for BSD Compress */
+ unsigned short deflate_size; /* lg(window size) for Deflate */
short method; /* code for chosen compression method */
} ccp_options;
#include <stdlib.h>
#include <string.h>
-#include "pppd.h"
-#include "chap-new.h"
+#include "pppd-private.h"
+#include "chap.h"
#include "chap-md5.h"
#include "magic.h"
-#include "ppp-crypto.h"
+#include "crypto.h"
#define MD5_MIN_CHALLENGE 16
#define MD5_MAX_CHALLENGE 24
+++ /dev/null
-/*
- * chap-new.c - New CHAP implementation.
- *
- * Copyright (c) 2003 Paul Mackerras. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * 3. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#define RCSID "$Id: chap-new.c,v 1.9 2007/06/19 02:08:35 carlsonj Exp $"
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <stdlib.h>
-#include <string.h>
-#include "pppd.h"
-#include "session.h"
-#include "chap-new.h"
-#include "chap-md5.h"
-
-#ifdef PPP_WITH_CHAPMS
-#include "chap_ms.h"
-#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5)
-#else
-#define MDTYPE_ALL (MDTYPE_MD5)
-#endif
-
-int chap_mdtype_all = MDTYPE_ALL;
-
-/* Hook for a plugin to validate CHAP challenge */
-int (*chap_verify_hook)(char *name, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space) = NULL;
-
-/*
- * Option variables.
- */
-int chap_server_timeout_time = 3;
-int chap_max_transmits = 10;
-int chap_rechallenge_time = 0;
-int chap_client_timeout_time = 60;
-int chapms_strip_domain = 0;
-
-/*
- * Command-line options.
- */
-static option_t chap_option_list[] = {
- { "chap-restart", o_int, &chap_server_timeout_time,
- "Set timeout for CHAP (as server)", OPT_PRIO },
- { "chap-max-challenge", o_int, &chap_max_transmits,
- "Set max #xmits for challenge", OPT_PRIO },
- { "chap-interval", o_int, &chap_rechallenge_time,
- "Set interval for rechallenge", OPT_PRIO },
- { "chap-timeout", o_int, &chap_client_timeout_time,
- "Set timeout for CHAP (as client)", OPT_PRIO },
- { "chapms-strip-domain", o_bool, &chapms_strip_domain,
- "Strip the domain prefix before the Username", 1 },
- { NULL }
-};
-
-/*
- * Internal state.
- */
-static struct chap_client_state {
- int flags;
- char *name;
- struct chap_digest_type *digest;
- unsigned char priv[64]; /* private area for digest's use */
-} client;
-
-/*
- * These limits apply to challenge and response packets we send.
- * The +4 is the +1 that we actually need rounded up.
- */
-#define CHAL_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_CHALLENGE_LEN + MAXNAMELEN)
-#define RESP_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_RESPONSE_LEN + MAXNAMELEN)
-
-static struct chap_server_state {
- int flags;
- int id;
- char *name;
- struct chap_digest_type *digest;
- int challenge_xmits;
- int challenge_pktlen;
- unsigned char challenge[CHAL_MAX_PKTLEN];
- char message[256];
-} server;
-
-/* Values for flags in chap_client_state and chap_server_state */
-#define LOWERUP 1
-#define AUTH_STARTED 2
-#define AUTH_DONE 4
-#define AUTH_FAILED 8
-#define TIMEOUT_PENDING 0x10
-#define CHALLENGE_VALID 0x20
-
-/*
- * Prototypes.
- */
-static void chap_init(int unit);
-static void chap_lowerup(int unit);
-static void chap_lowerdown(int unit);
-static void chap_server_timeout(void *arg);
-static void chap_client_timeout(void *arg);
-static void chap_generate_challenge(struct chap_server_state *ss);
-static void chap_handle_response(struct chap_server_state *ss, int code,
- unsigned char *pkt, int len);
-static int chap_verify_response(char *name, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space);
-static void chap_respond(struct chap_client_state *cs, int id,
- unsigned char *pkt, int len);
-static void chap_handle_status(struct chap_client_state *cs, int code, int id,
- unsigned char *pkt, int len);
-static void chap_protrej(int unit);
-static void chap_input(int unit, unsigned char *pkt, int pktlen);
-static int chap_print_pkt(unsigned char *p, int plen,
- void (*printer)(void *, char *, ...), void *arg);
-
-/* List of digest types that we know about */
-static struct chap_digest_type *chap_digests;
-
-/*
- * chap_init - reset to initial state.
- */
-static void
-chap_init(int unit)
-{
- memset(&client, 0, sizeof(client));
- memset(&server, 0, sizeof(server));
-
- chap_md5_init();
-#ifdef PPP_WITH_CHAPMS
- chapms_init();
-#endif
-}
-
-/*
- * Add a new digest type to the list.
- */
-void
-chap_register_digest(struct chap_digest_type *dp)
-{
- dp->next = chap_digests;
- chap_digests = dp;
-}
-
-/*
- * Lookup a digest type by code
- */
-struct chap_digest_type *
-chap_find_digest(int digest_code) {
- struct chap_digest_type *dp = NULL;
- for (dp = chap_digests; dp != NULL; dp = dp->next)
- if (dp->code == digest_code)
- break;
- return dp;
-}
-
-/*
- * chap_lowerup - we can start doing stuff now.
- */
-static void
-chap_lowerup(int unit)
-{
- struct chap_client_state *cs = &client;
- struct chap_server_state *ss = &server;
-
- cs->flags |= LOWERUP;
- ss->flags |= LOWERUP;
- if (ss->flags & AUTH_STARTED)
- chap_server_timeout(ss);
-}
-
-static void
-chap_lowerdown(int unit)
-{
- struct chap_client_state *cs = &client;
- struct chap_server_state *ss = &server;
-
- if (cs->flags & TIMEOUT_PENDING)
- UNTIMEOUT(chap_client_timeout, cs);
- cs->flags = 0;
- if (ss->flags & TIMEOUT_PENDING)
- UNTIMEOUT(chap_server_timeout, ss);
- ss->flags = 0;
-}
-
-/*
- * chap_auth_peer - Start authenticating the peer.
- * If the lower layer is already up, we start sending challenges,
- * otherwise we wait for the lower layer to come up.
- */
-void
-chap_auth_peer(int unit, char *our_name, int digest_code)
-{
- struct chap_server_state *ss = &server;
- struct chap_digest_type *dp;
-
- if (ss->flags & AUTH_STARTED) {
- error("CHAP: peer authentication already started!");
- return;
- }
-
- dp = chap_find_digest(digest_code);
- if (dp == NULL)
- fatal("CHAP digest 0x%x requested but not available",
- digest_code);
-
- ss->digest = dp;
- ss->name = our_name;
- /* Start with a random ID value */
- ss->id = (unsigned char)(drand48() * 256);
- ss->flags |= AUTH_STARTED;
- if (ss->flags & LOWERUP)
- chap_server_timeout(ss);
-}
-
-/*
- * chap_auth_with_peer - Prepare to authenticate ourselves to the peer.
- * There isn't much to do until we receive a challenge.
- */
-void
-chap_auth_with_peer(int unit, char *our_name, int digest_code)
-{
- struct chap_client_state *cs = &client;
- struct chap_digest_type *dp;
-
- if (cs->flags & AUTH_STARTED) {
- error("CHAP: authentication with peer already started!");
- return;
- }
- for (dp = chap_digests; dp != NULL; dp = dp->next)
- if (dp->code == digest_code)
- break;
- if (dp == NULL)
- fatal("CHAP digest 0x%x requested but not available",
- digest_code);
-
- cs->digest = dp;
- cs->name = our_name;
- cs->flags |= AUTH_STARTED | TIMEOUT_PENDING;
- TIMEOUT(chap_client_timeout, cs, chap_client_timeout_time);
-}
-
-/*
- * chap_server_timeout - It's time to send another challenge to the peer.
- * This could be either a retransmission of a previous challenge,
- * or a new challenge to start re-authentication.
- */
-static void
-chap_server_timeout(void *arg)
-{
- struct chap_server_state *ss = arg;
-
- ss->flags &= ~TIMEOUT_PENDING;
- if ((ss->flags & CHALLENGE_VALID) == 0) {
- ss->challenge_xmits = 0;
- chap_generate_challenge(ss);
- ss->flags |= CHALLENGE_VALID;
- } else if (ss->challenge_xmits >= chap_max_transmits) {
- ss->flags &= ~CHALLENGE_VALID;
- ss->flags |= AUTH_DONE | AUTH_FAILED;
- auth_peer_fail(0, PPP_CHAP);
- return;
- }
-
- output(0, ss->challenge, ss->challenge_pktlen);
- ++ss->challenge_xmits;
- ss->flags |= TIMEOUT_PENDING;
- TIMEOUT(chap_server_timeout, arg, chap_server_timeout_time);
-}
-
-/* chap_client_timeout - Authentication with peer timed out. */
-static void
-chap_client_timeout(void *arg)
-{
- struct chap_client_state *cs = arg;
-
- cs->flags &= ~TIMEOUT_PENDING;
- cs->flags |= AUTH_DONE | AUTH_FAILED;
- error("CHAP authentication timed out");
- auth_withpeer_fail(0, PPP_CHAP);
-}
-
-/*
- * chap_generate_challenge - generate a challenge string and format
- * the challenge packet in ss->challenge_pkt.
- */
-static void
-chap_generate_challenge(struct chap_server_state *ss)
-{
- int clen = 1, nlen, len;
- unsigned char *p;
-
- p = ss->challenge;
- MAKEHEADER(p, PPP_CHAP);
- p += CHAP_HDRLEN;
- ss->digest->generate_challenge(p);
- clen = *p;
- nlen = strlen(ss->name);
- memcpy(p + 1 + clen, ss->name, nlen);
-
- len = CHAP_HDRLEN + 1 + clen + nlen;
- ss->challenge_pktlen = PPP_HDRLEN + len;
-
- p = ss->challenge + PPP_HDRLEN;
- p[0] = CHAP_CHALLENGE;
- p[1] = ++ss->id;
- p[2] = len >> 8;
- p[3] = len;
-}
-
-/*
- * chap_handle_response - check the response to our challenge.
- */
-static void
-chap_handle_response(struct chap_server_state *ss, int id,
- unsigned char *pkt, int len)
-{
- int response_len, ok, mlen;
- unsigned char *response, *p;
- char *name = NULL; /* initialized to shut gcc up */
- int (*verifier)(char *, char *, int, struct chap_digest_type *,
- unsigned char *, unsigned char *, char *, int);
- char rname[MAXNAMELEN+1];
-
- if ((ss->flags & LOWERUP) == 0)
- return;
- if (id != ss->challenge[PPP_HDRLEN+1] || len < 2)
- return;
- if (ss->flags & CHALLENGE_VALID) {
- response = pkt;
- GETCHAR(response_len, pkt);
- len -= response_len + 1; /* length of name */
- name = (char *)pkt + response_len;
- if (len < 0)
- return;
-
- if (ss->flags & TIMEOUT_PENDING) {
- ss->flags &= ~TIMEOUT_PENDING;
- UNTIMEOUT(chap_server_timeout, ss);
- }
-
- if (explicit_remote) {
- name = remote_name;
- } else {
- /* Null terminate and clean remote name. */
- slprintf(rname, sizeof(rname), "%.*v", len, name);
- name = rname;
-
- /* strip the MS domain name */
- if (chapms_strip_domain && strrchr(rname, '\\')) {
- char tmp[MAXNAMELEN+1];
-
- strcpy(tmp, strrchr(rname, '\\') + 1);
- strcpy(rname, tmp);
- }
- }
-
- if (chap_verify_hook)
- verifier = chap_verify_hook;
- else
- verifier = chap_verify_response;
- ok = (*verifier)(name, ss->name, id, ss->digest,
- ss->challenge + PPP_HDRLEN + CHAP_HDRLEN,
- response, ss->message, sizeof(ss->message));
- if (!ok || !auth_number()) {
- ss->flags |= AUTH_FAILED;
- warn("Peer %q failed CHAP authentication", name);
- }
- } else if ((ss->flags & AUTH_DONE) == 0)
- return;
-
- /* send the response */
- p = outpacket_buf;
- MAKEHEADER(p, PPP_CHAP);
- mlen = strlen(ss->message);
- len = CHAP_HDRLEN + mlen;
- p[0] = (ss->flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS;
- p[1] = id;
- p[2] = len >> 8;
- p[3] = len;
- if (mlen > 0)
- memcpy(p + CHAP_HDRLEN, ss->message, mlen);
- output(0, outpacket_buf, PPP_HDRLEN + len);
-
- if (ss->flags & CHALLENGE_VALID) {
- ss->flags &= ~CHALLENGE_VALID;
- if (!(ss->flags & AUTH_DONE) && !(ss->flags & AUTH_FAILED)) {
- /*
- * Auth is OK, so now we need to check session restrictions
- * to ensure everything is OK, but only if we used a
- * plugin, and only if we're configured to check. This
- * allows us to do PAM checks on PPP servers that
- * authenticate against ActiveDirectory, and use AD for
- * account info (like when using Winbind integrated with
- * PAM).
- */
- if (session_mgmt &&
- session_check(name, NULL, devnam, NULL) == 0) {
- ss->flags |= AUTH_FAILED;
- warn("Peer %q failed CHAP Session verification", name);
- }
- }
- if (ss->flags & AUTH_FAILED) {
- auth_peer_fail(0, PPP_CHAP);
- } else {
- if ((ss->flags & AUTH_DONE) == 0)
- auth_peer_success(0, PPP_CHAP,
- ss->digest->code,
- name, strlen(name));
- if (chap_rechallenge_time) {
- ss->flags |= TIMEOUT_PENDING;
- TIMEOUT(chap_server_timeout, ss,
- chap_rechallenge_time);
- }
- }
- ss->flags |= AUTH_DONE;
- }
-}
-
-/*
- * chap_verify_response - check whether the peer's response matches
- * what we think it should be. Returns 1 if it does (authentication
- * succeeded), or 0 if it doesn't.
- */
-static int
-chap_verify_response(char *name, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space)
-{
- int ok;
- unsigned char secret[MAXSECRETLEN];
- int secret_len;
-
- /* Get the secret that the peer is supposed to know */
- if (!get_secret(0, name, ourname, (char *)secret, &secret_len, 1)) {
- error("No CHAP secret found for authenticating %q", name);
- return 0;
- }
-
- ok = digest->verify_response(id, name, secret, secret_len, challenge,
- response, message, message_space);
- memset(secret, 0, sizeof(secret));
-
- return ok;
-}
-
-/*
- * chap_respond - Generate and send a response to a challenge.
- */
-static void
-chap_respond(struct chap_client_state *cs, int id,
- unsigned char *pkt, int len)
-{
- int clen, nlen;
- int secret_len;
- unsigned char *p;
- unsigned char response[RESP_MAX_PKTLEN];
- char rname[MAXNAMELEN+1];
- char secret[MAXSECRETLEN+1];
-
- if ((cs->flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED))
- return; /* not ready */
- if (len < 2 || len < pkt[0] + 1)
- return; /* too short */
- clen = pkt[0];
- nlen = len - (clen + 1);
-
- /* Null terminate and clean remote name. */
- slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1);
-
- /* Microsoft doesn't send their name back in the PPP packet */
- if (explicit_remote || (remote_name[0] != 0 && rname[0] == 0))
- strlcpy(rname, remote_name, sizeof(rname));
-
- /* get secret for authenticating ourselves with the specified host */
- if (!get_secret(0, cs->name, rname, secret, &secret_len, 0)) {
- secret_len = 0; /* assume null secret if can't find one */
- warn("No CHAP secret found for authenticating us to %q", rname);
- }
-
- p = response;
- MAKEHEADER(p, PPP_CHAP);
- p += CHAP_HDRLEN;
-
- cs->digest->make_response(p, id, cs->name, pkt,
- secret, secret_len, cs->priv);
- memset(secret, 0, secret_len);
-
- clen = *p;
- nlen = strlen(cs->name);
- memcpy(p + clen + 1, cs->name, nlen);
-
- p = response + PPP_HDRLEN;
- len = CHAP_HDRLEN + clen + 1 + nlen;
- p[0] = CHAP_RESPONSE;
- p[1] = id;
- p[2] = len >> 8;
- p[3] = len;
-
- output(0, response, PPP_HDRLEN + len);
-}
-
-static void
-chap_handle_status(struct chap_client_state *cs, int code, int id,
- unsigned char *pkt, int len)
-{
- const char *msg = NULL;
-
- if ((cs->flags & (AUTH_DONE|AUTH_STARTED|LOWERUP))
- != (AUTH_STARTED|LOWERUP))
- return;
- cs->flags |= AUTH_DONE;
-
- UNTIMEOUT(chap_client_timeout, cs);
- cs->flags &= ~TIMEOUT_PENDING;
-
- if (code == CHAP_SUCCESS) {
- /* used for MS-CHAP v2 mutual auth, yuck */
- if (cs->digest->check_success != NULL) {
- if (!(*cs->digest->check_success)(id, pkt, len))
- code = CHAP_FAILURE;
- } else
- msg = "CHAP authentication succeeded";
- } else {
- if (cs->digest->handle_failure != NULL)
- (*cs->digest->handle_failure)(pkt, len);
- else
- msg = "CHAP authentication failed";
- }
- if (msg) {
- if (len > 0)
- info("%s: %.*v", msg, len, pkt);
- else
- info("%s", msg);
- }
- if (code == CHAP_SUCCESS)
- auth_withpeer_success(0, PPP_CHAP, cs->digest->code);
- else {
- cs->flags |= AUTH_FAILED;
- error("CHAP authentication failed");
- auth_withpeer_fail(0, PPP_CHAP);
- }
-}
-
-static void
-chap_input(int unit, unsigned char *pkt, int pktlen)
-{
- struct chap_client_state *cs = &client;
- struct chap_server_state *ss = &server;
- unsigned char code, id;
- int len;
-
- if (pktlen < CHAP_HDRLEN)
- return;
- GETCHAR(code, pkt);
- GETCHAR(id, pkt);
- GETSHORT(len, pkt);
- if (len < CHAP_HDRLEN || len > pktlen)
- return;
- len -= CHAP_HDRLEN;
-
- switch (code) {
- case CHAP_CHALLENGE:
- chap_respond(cs, id, pkt, len);
- break;
- case CHAP_RESPONSE:
- chap_handle_response(ss, id, pkt, len);
- break;
- case CHAP_FAILURE:
- case CHAP_SUCCESS:
- chap_handle_status(cs, code, id, pkt, len);
- break;
- }
-}
-
-static void
-chap_protrej(int unit)
-{
- struct chap_client_state *cs = &client;
- struct chap_server_state *ss = &server;
-
- if (ss->flags & TIMEOUT_PENDING) {
- ss->flags &= ~TIMEOUT_PENDING;
- UNTIMEOUT(chap_server_timeout, ss);
- }
- if (ss->flags & AUTH_STARTED) {
- ss->flags = 0;
- auth_peer_fail(0, PPP_CHAP);
- }
- if ((cs->flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) {
- cs->flags &= ~AUTH_STARTED;
- error("CHAP authentication failed due to protocol-reject");
- auth_withpeer_fail(0, PPP_CHAP);
- }
-}
-
-/*
- * chap_print_pkt - print the contents of a CHAP packet.
- */
-static char *chap_code_names[] = {
- "Challenge", "Response", "Success", "Failure"
-};
-
-static int
-chap_print_pkt(unsigned char *p, int plen,
- void (*printer)(void *, char *, ...), void *arg)
-{
- int code, id, len;
- int clen, nlen;
- unsigned char x;
-
- if (plen < CHAP_HDRLEN)
- return 0;
- GETCHAR(code, p);
- GETCHAR(id, p);
- GETSHORT(len, p);
- if (len < CHAP_HDRLEN || len > plen)
- return 0;
-
- if (code >= 1 && code <= sizeof(chap_code_names) / sizeof(char *))
- printer(arg, " %s", chap_code_names[code-1]);
- else
- printer(arg, " code=0x%x", code);
- printer(arg, " id=0x%x", id);
- len -= CHAP_HDRLEN;
- switch (code) {
- case CHAP_CHALLENGE:
- case CHAP_RESPONSE:
- if (len < 1)
- break;
- clen = p[0];
- if (len < clen + 1)
- break;
- ++p;
- nlen = len - clen - 1;
- printer(arg, " <");
- for (; clen > 0; --clen) {
- GETCHAR(x, p);
- printer(arg, "%.2x", x);
- }
- printer(arg, ">, name = ");
- print_string((char *)p, nlen, printer, arg);
- break;
- case CHAP_FAILURE:
- case CHAP_SUCCESS:
- printer(arg, " ");
- print_string((char *)p, len, printer, arg);
- break;
- default:
- for (clen = len; clen > 0; --clen) {
- GETCHAR(x, p);
- printer(arg, " %.2x", x);
- }
- }
-
- return len + CHAP_HDRLEN;
-}
-
-struct protent chap_protent = {
- PPP_CHAP,
- chap_init,
- chap_input,
- chap_protrej,
- chap_lowerup,
- chap_lowerdown,
- NULL, /* open */
- NULL, /* close */
- chap_print_pkt,
- NULL, /* datainput */
- 1, /* enabled_flag */
- "CHAP", /* name */
- NULL, /* data_name */
- chap_option_list,
- NULL, /* check_options */
-};
+++ /dev/null
-/*
- * chap-new.c - New CHAP implementation.
- *
- * Copyright (c) 2003 Paul Mackerras. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * 3. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef PPP_CHAP_NEW_H
-#define PPP_CHAP_NEW_H
-
-#include "pppdconf.h"
-
-/*
- * CHAP packets begin with a standard header with code, id, len (2 bytes).
- */
-#define CHAP_HDRLEN 4
-
-/*
- * Values for the code field.
- */
-#define CHAP_CHALLENGE 1
-#define CHAP_RESPONSE 2
-#define CHAP_SUCCESS 3
-#define CHAP_FAILURE 4
-
-/*
- * CHAP digest codes.
- */
-#define CHAP_MD5 5
-#define CHAP_MICROSOFT 0x80
-#define CHAP_MICROSOFT_V2 0x81
-
-/*
- * Semi-arbitrary limits on challenge and response fields.
- */
-#define MAX_CHALLENGE_LEN 64
-#define MAX_RESPONSE_LEN 64
-
-/* bitmask of supported algorithms */
-#define MDTYPE_MICROSOFT_V2 0x1
-#define MDTYPE_MICROSOFT 0x2
-#define MDTYPE_MD5 0x4
-#define MDTYPE_NONE 0
-
-/* hashes supported by this instance of pppd */
-extern int chap_mdtype_all;
-
-/* Return the digest alg. ID for the most preferred digest type. */
-#define CHAP_DIGEST(mdtype) \
- ((mdtype) & MDTYPE_MD5)? CHAP_MD5: \
- ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \
- ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \
- 0
-
-/* Return the bit flag (lsb set) for our most preferred digest type. */
-#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype)
-
-/* Return the bit flag for a given digest algorithm ID. */
-#define CHAP_MDTYPE_D(digest) \
- ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \
- ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \
- ((digest) == CHAP_MD5)? MDTYPE_MD5: \
- 0
-
-/* Can we do the requested digest? */
-#define CHAP_CANDIGEST(mdtype, digest) \
- ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \
- ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \
- ((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \
- 0
-
-/*
- * The code for each digest type has to supply one of these.
- */
-struct chap_digest_type {
- int code;
-
- /*
- * Note: challenge and response arguments below are formatted as
- * a length byte followed by the actual challenge/response data.
- */
- void (*generate_challenge)(unsigned char *challenge);
- int (*verify_response)(int id, char *name,
- unsigned char *secret, int secret_len,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space);
- void (*make_response)(unsigned char *response, int id, char *our_name,
- unsigned char *challenge, char *secret, int secret_len,
- unsigned char *priv);
- int (*check_success)(int id, unsigned char *pkt, int len);
- void (*handle_failure)(unsigned char *pkt, int len);
-
- struct chap_digest_type *next;
-};
-
-/* Hook for a plugin to validate CHAP challenge */
-extern int (*chap_verify_hook)(char *name, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space);
-
-/* Called by digest code to register a digest type */
-extern void chap_register_digest(struct chap_digest_type *);
-
-/* Lookup a digest handler by type */
-extern struct chap_digest_type *chap_find_digest(int digest_code);
-
-/* Called by authentication code to start authenticating the peer. */
-extern void chap_auth_peer(int unit, char *our_name, int digest_code);
-
-/* Called by auth. code to start authenticating us to the peer. */
-extern void chap_auth_with_peer(int unit, char *our_name, int digest_code);
-
-/* Represents the CHAP protocol to the main pppd code */
-extern struct protent chap_protent;
-
-#endif
--- /dev/null
+/*
+ * chap-new.c - New CHAP implementation.
+ *
+ * Copyright (c) 2003 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 3. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@samba.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#define RCSID "$Id: chap-new.c,v 1.9 2007/06/19 02:08:35 carlsonj Exp $"
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#include "pppd-private.h"
+#include "options.h"
+#include "session.h"
+#include "chap.h"
+#include "chap-md5.h"
+
+#ifdef PPP_WITH_CHAPMS
+#include "chap_ms.h"
+#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5)
+#else
+#define MDTYPE_ALL (MDTYPE_MD5)
+#endif
+
+int chap_mdtype_all = MDTYPE_ALL;
+
+/* Hook for a plugin to validate CHAP challenge */
+chap_verify_hook_fn *chap_verify_hook = NULL;
+
+/*
+ * Option variables.
+ */
+int chap_server_timeout_time = 3;
+int chap_max_transmits = 10;
+int chap_rechallenge_time = 0;
+int chap_client_timeout_time = 60;
+int chapms_strip_domain = 0;
+
+/*
+ * Command-line options.
+ */
+static struct option chap_option_list[] = {
+ { "chap-restart", o_int, &chap_server_timeout_time,
+ "Set timeout for CHAP (as server)", OPT_PRIO },
+ { "chap-max-challenge", o_int, &chap_max_transmits,
+ "Set max #xmits for challenge", OPT_PRIO },
+ { "chap-interval", o_int, &chap_rechallenge_time,
+ "Set interval for rechallenge", OPT_PRIO },
+ { "chap-timeout", o_int, &chap_client_timeout_time,
+ "Set timeout for CHAP (as client)", OPT_PRIO },
+ { "chapms-strip-domain", o_bool, &chapms_strip_domain,
+ "Strip the domain prefix before the Username", 1 },
+ { NULL }
+};
+
+/*
+ * Internal state.
+ */
+static struct chap_client_state {
+ int flags;
+ char *name;
+ struct chap_digest_type *digest;
+ unsigned char priv[64]; /* private area for digest's use */
+} client;
+
+/*
+ * These limits apply to challenge and response packets we send.
+ * The +4 is the +1 that we actually need rounded up.
+ */
+#define CHAL_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_CHALLENGE_LEN + MAXNAMELEN)
+#define RESP_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_RESPONSE_LEN + MAXNAMELEN)
+
+static struct chap_server_state {
+ int flags;
+ int id;
+ char *name;
+ struct chap_digest_type *digest;
+ int challenge_xmits;
+ int challenge_pktlen;
+ unsigned char challenge[CHAL_MAX_PKTLEN];
+ char message[256];
+} server;
+
+/* Values for flags in chap_client_state and chap_server_state */
+#define LOWERUP 1
+#define AUTH_STARTED 2
+#define AUTH_DONE 4
+#define AUTH_FAILED 8
+#define TIMEOUT_PENDING 0x10
+#define CHALLENGE_VALID 0x20
+
+/*
+ * Prototypes.
+ */
+static void chap_init(int unit);
+static void chap_lowerup(int unit);
+static void chap_lowerdown(int unit);
+static void chap_server_timeout(void *arg);
+static void chap_client_timeout(void *arg);
+static void chap_generate_challenge(struct chap_server_state *ss);
+static void chap_handle_response(struct chap_server_state *ss, int code,
+ unsigned char *pkt, int len);
+static chap_verify_hook_fn chap_verify_response;
+static void chap_respond(struct chap_client_state *cs, int id,
+ unsigned char *pkt, int len);
+static void chap_handle_status(struct chap_client_state *cs, int code, int id,
+ unsigned char *pkt, int len);
+static void chap_protrej(int unit);
+static void chap_input(int unit, unsigned char *pkt, int pktlen);
+static int chap_print_pkt(unsigned char *p, int plen,
+ void (*printer)(void *, char *, ...), void *arg);
+
+/* List of digest types that we know about */
+static struct chap_digest_type *chap_digests;
+
+/*
+ * chap_init - reset to initial state.
+ */
+static void
+chap_init(int unit)
+{
+ memset(&client, 0, sizeof(client));
+ memset(&server, 0, sizeof(server));
+
+ chap_md5_init();
+#ifdef PPP_WITH_CHAPMS
+ chapms_init();
+#endif
+}
+
+/*
+ * Add a new digest type to the list.
+ */
+void
+chap_register_digest(struct chap_digest_type *dp)
+{
+ dp->next = chap_digests;
+ chap_digests = dp;
+}
+
+/*
+ * Lookup a digest type by code
+ */
+struct chap_digest_type *
+chap_find_digest(int digest_code) {
+ struct chap_digest_type *dp = NULL;
+ for (dp = chap_digests; dp != NULL; dp = dp->next)
+ if (dp->code == digest_code)
+ break;
+ return dp;
+}
+
+/*
+ * chap_lowerup - we can start doing stuff now.
+ */
+static void
+chap_lowerup(int unit)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_server_state *ss = &server;
+
+ cs->flags |= LOWERUP;
+ ss->flags |= LOWERUP;
+ if (ss->flags & AUTH_STARTED)
+ chap_server_timeout(ss);
+}
+
+static void
+chap_lowerdown(int unit)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_server_state *ss = &server;
+
+ if (cs->flags & TIMEOUT_PENDING)
+ UNTIMEOUT(chap_client_timeout, cs);
+ cs->flags = 0;
+ if (ss->flags & TIMEOUT_PENDING)
+ UNTIMEOUT(chap_server_timeout, ss);
+ ss->flags = 0;
+}
+
+/*
+ * chap_auth_peer - Start authenticating the peer.
+ * If the lower layer is already up, we start sending challenges,
+ * otherwise we wait for the lower layer to come up.
+ */
+void
+chap_auth_peer(int unit, char *our_name, int digest_code)
+{
+ struct chap_server_state *ss = &server;
+ struct chap_digest_type *dp;
+
+ if (ss->flags & AUTH_STARTED) {
+ error("CHAP: peer authentication already started!");
+ return;
+ }
+
+ dp = chap_find_digest(digest_code);
+ if (dp == NULL)
+ fatal("CHAP digest 0x%x requested but not available",
+ digest_code);
+
+ ss->digest = dp;
+ ss->name = our_name;
+ /* Start with a random ID value */
+ ss->id = (unsigned char)(drand48() * 256);
+ ss->flags |= AUTH_STARTED;
+ if (ss->flags & LOWERUP)
+ chap_server_timeout(ss);
+}
+
+/*
+ * chap_auth_with_peer - Prepare to authenticate ourselves to the peer.
+ * There isn't much to do until we receive a challenge.
+ */
+void
+chap_auth_with_peer(int unit, char *our_name, int digest_code)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_digest_type *dp;
+
+ if (cs->flags & AUTH_STARTED) {
+ error("CHAP: authentication with peer already started!");
+ return;
+ }
+ for (dp = chap_digests; dp != NULL; dp = dp->next)
+ if (dp->code == digest_code)
+ break;
+ if (dp == NULL)
+ fatal("CHAP digest 0x%x requested but not available",
+ digest_code);
+
+ cs->digest = dp;
+ cs->name = our_name;
+ cs->flags |= AUTH_STARTED | TIMEOUT_PENDING;
+ TIMEOUT(chap_client_timeout, cs, chap_client_timeout_time);
+}
+
+/*
+ * chap_server_timeout - It's time to send another challenge to the peer.
+ * This could be either a retransmission of a previous challenge,
+ * or a new challenge to start re-authentication.
+ */
+static void
+chap_server_timeout(void *arg)
+{
+ struct chap_server_state *ss = arg;
+
+ ss->flags &= ~TIMEOUT_PENDING;
+ if ((ss->flags & CHALLENGE_VALID) == 0) {
+ ss->challenge_xmits = 0;
+ chap_generate_challenge(ss);
+ ss->flags |= CHALLENGE_VALID;
+ } else if (ss->challenge_xmits >= chap_max_transmits) {
+ ss->flags &= ~CHALLENGE_VALID;
+ ss->flags |= AUTH_DONE | AUTH_FAILED;
+ auth_peer_fail(0, PPP_CHAP);
+ return;
+ }
+
+ output(0, ss->challenge, ss->challenge_pktlen);
+ ++ss->challenge_xmits;
+ ss->flags |= TIMEOUT_PENDING;
+ TIMEOUT(chap_server_timeout, arg, chap_server_timeout_time);
+}
+
+/* chap_client_timeout - Authentication with peer timed out. */
+static void
+chap_client_timeout(void *arg)
+{
+ struct chap_client_state *cs = arg;
+
+ cs->flags &= ~TIMEOUT_PENDING;
+ cs->flags |= AUTH_DONE | AUTH_FAILED;
+ error("CHAP authentication timed out");
+ auth_withpeer_fail(0, PPP_CHAP);
+}
+
+/*
+ * chap_generate_challenge - generate a challenge string and format
+ * the challenge packet in ss->challenge_pkt.
+ */
+static void
+chap_generate_challenge(struct chap_server_state *ss)
+{
+ int clen = 1, nlen, len;
+ unsigned char *p;
+
+ p = ss->challenge;
+ MAKEHEADER(p, PPP_CHAP);
+ p += CHAP_HDRLEN;
+ ss->digest->generate_challenge(p);
+ clen = *p;
+ nlen = strlen(ss->name);
+ memcpy(p + 1 + clen, ss->name, nlen);
+
+ len = CHAP_HDRLEN + 1 + clen + nlen;
+ ss->challenge_pktlen = PPP_HDRLEN + len;
+
+ p = ss->challenge + PPP_HDRLEN;
+ p[0] = CHAP_CHALLENGE;
+ p[1] = ++ss->id;
+ p[2] = len >> 8;
+ p[3] = len;
+}
+
+/*
+ * chap_handle_response - check the response to our challenge.
+ */
+static void
+chap_handle_response(struct chap_server_state *ss, int id,
+ unsigned char *pkt, int len)
+{
+ int response_len, ok, mlen;
+ unsigned char *response, *p;
+ char *name = NULL;
+ chap_verify_hook_fn *verifier;
+ char rname[MAXNAMELEN+1];
+
+ if ((ss->flags & LOWERUP) == 0)
+ return;
+ if (id != ss->challenge[PPP_HDRLEN+1] || len < 2)
+ return;
+ if (ss->flags & CHALLENGE_VALID) {
+ response = pkt;
+ GETCHAR(response_len, pkt);
+ len -= response_len + 1; /* length of name */
+ name = (char *)pkt + response_len;
+ if (len < 0)
+ return;
+
+ if (ss->flags & TIMEOUT_PENDING) {
+ ss->flags &= ~TIMEOUT_PENDING;
+ UNTIMEOUT(chap_server_timeout, ss);
+ }
+
+ if (explicit_remote) {
+ name = remote_name;
+ } else {
+ /* Null terminate and clean remote name. */
+ slprintf(rname, sizeof(rname), "%.*v", len, name);
+ name = rname;
+
+ /* strip the MS domain name */
+ if (chapms_strip_domain && strrchr(rname, '\\')) {
+ char tmp[MAXNAMELEN+1];
+
+ strcpy(tmp, strrchr(rname, '\\') + 1);
+ strcpy(rname, tmp);
+ }
+ }
+
+ if (chap_verify_hook)
+ verifier = chap_verify_hook;
+ else
+ verifier = chap_verify_response;
+ ok = (*verifier)(name, ss->name, id, ss->digest,
+ ss->challenge + PPP_HDRLEN + CHAP_HDRLEN,
+ response, ss->message, sizeof(ss->message));
+ if (!ok || !auth_number()) {
+ ss->flags |= AUTH_FAILED;
+ warn("Peer %q failed CHAP authentication", name);
+ }
+ } else if ((ss->flags & AUTH_DONE) == 0)
+ return;
+
+ /* send the response */
+ p = outpacket_buf;
+ MAKEHEADER(p, PPP_CHAP);
+ mlen = strlen(ss->message);
+ len = CHAP_HDRLEN + mlen;
+ p[0] = (ss->flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS;
+ p[1] = id;
+ p[2] = len >> 8;
+ p[3] = len;
+ if (mlen > 0)
+ memcpy(p + CHAP_HDRLEN, ss->message, mlen);
+ output(0, outpacket_buf, PPP_HDRLEN + len);
+
+ if (ss->flags & CHALLENGE_VALID) {
+ ss->flags &= ~CHALLENGE_VALID;
+ if (!(ss->flags & AUTH_DONE) && !(ss->flags & AUTH_FAILED)) {
+ /*
+ * Auth is OK, so now we need to check session restrictions
+ * to ensure everything is OK, but only if we used a
+ * plugin, and only if we're configured to check. This
+ * allows us to do PAM checks on PPP servers that
+ * authenticate against ActiveDirectory, and use AD for
+ * account info (like when using Winbind integrated with
+ * PAM).
+ */
+ if (session_mgmt &&
+ session_check(name, NULL, devnam, NULL) == 0) {
+ ss->flags |= AUTH_FAILED;
+ warn("Peer %q failed CHAP Session verification", name);
+ }
+ }
+ if (ss->flags & AUTH_FAILED) {
+ auth_peer_fail(0, PPP_CHAP);
+ } else {
+ if ((ss->flags & AUTH_DONE) == 0)
+ auth_peer_success(0, PPP_CHAP,
+ ss->digest->code,
+ name, strlen(name));
+ if (chap_rechallenge_time) {
+ ss->flags |= TIMEOUT_PENDING;
+ TIMEOUT(chap_server_timeout, ss,
+ chap_rechallenge_time);
+ }
+ }
+ ss->flags |= AUTH_DONE;
+ }
+}
+
+/*
+ * chap_verify_response - check whether the peer's response matches
+ * what we think it should be. Returns 1 if it does (authentication
+ * succeeded), or 0 if it doesn't.
+ */
+static int
+chap_verify_response(char *name, char *ourname, int id,
+ struct chap_digest_type *digest,
+ unsigned char *challenge, unsigned char *response,
+ char *message, int message_space)
+{
+ int ok;
+ unsigned char secret[MAXSECRETLEN];
+ int secret_len;
+
+ /* Get the secret that the peer is supposed to know */
+ if (!get_secret(0, name, ourname, (char *)secret, &secret_len, 1)) {
+ error("No CHAP secret found for authenticating %q", name);
+ return 0;
+ }
+
+ ok = digest->verify_response(id, name, secret, secret_len, challenge,
+ response, message, message_space);
+ memset(secret, 0, sizeof(secret));
+
+ return ok;
+}
+
+/*
+ * chap_respond - Generate and send a response to a challenge.
+ */
+static void
+chap_respond(struct chap_client_state *cs, int id,
+ unsigned char *pkt, int len)
+{
+ int clen, nlen;
+ int secret_len;
+ unsigned char *p;
+ unsigned char response[RESP_MAX_PKTLEN];
+ char rname[MAXNAMELEN+1];
+ char secret[MAXSECRETLEN+1];
+
+ if ((cs->flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED))
+ return; /* not ready */
+ if (len < 2 || len < pkt[0] + 1)
+ return; /* too short */
+ clen = pkt[0];
+ nlen = len - (clen + 1);
+
+ /* Null terminate and clean remote name. */
+ slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1);
+
+ /* Microsoft doesn't send their name back in the PPP packet */
+ if (explicit_remote || (remote_name[0] != 0 && rname[0] == 0))
+ strlcpy(rname, remote_name, sizeof(rname));
+
+ /* get secret for authenticating ourselves with the specified host */
+ if (!get_secret(0, cs->name, rname, secret, &secret_len, 0)) {
+ secret_len = 0; /* assume null secret if can't find one */
+ warn("No CHAP secret found for authenticating us to %q", rname);
+ }
+
+ p = response;
+ MAKEHEADER(p, PPP_CHAP);
+ p += CHAP_HDRLEN;
+
+ cs->digest->make_response(p, id, cs->name, pkt,
+ secret, secret_len, cs->priv);
+ memset(secret, 0, secret_len);
+
+ clen = *p;
+ nlen = strlen(cs->name);
+ memcpy(p + clen + 1, cs->name, nlen);
+
+ p = response + PPP_HDRLEN;
+ len = CHAP_HDRLEN + clen + 1 + nlen;
+ p[0] = CHAP_RESPONSE;
+ p[1] = id;
+ p[2] = len >> 8;
+ p[3] = len;
+
+ output(0, response, PPP_HDRLEN + len);
+}
+
+static void
+chap_handle_status(struct chap_client_state *cs, int code, int id,
+ unsigned char *pkt, int len)
+{
+ const char *msg = NULL;
+
+ if ((cs->flags & (AUTH_DONE|AUTH_STARTED|LOWERUP))
+ != (AUTH_STARTED|LOWERUP))
+ return;
+ cs->flags |= AUTH_DONE;
+
+ UNTIMEOUT(chap_client_timeout, cs);
+ cs->flags &= ~TIMEOUT_PENDING;
+
+ if (code == CHAP_SUCCESS) {
+ /* used for MS-CHAP v2 mutual auth, yuck */
+ if (cs->digest->check_success != NULL) {
+ if (!(*cs->digest->check_success)(id, pkt, len))
+ code = CHAP_FAILURE;
+ } else
+ msg = "CHAP authentication succeeded";
+ } else {
+ if (cs->digest->handle_failure != NULL)
+ (*cs->digest->handle_failure)(pkt, len);
+ else
+ msg = "CHAP authentication failed";
+ }
+ if (msg) {
+ if (len > 0)
+ info("%s: %.*v", msg, len, pkt);
+ else
+ info("%s", msg);
+ }
+ if (code == CHAP_SUCCESS)
+ auth_withpeer_success(0, PPP_CHAP, cs->digest->code);
+ else {
+ cs->flags |= AUTH_FAILED;
+ error("CHAP authentication failed");
+ auth_withpeer_fail(0, PPP_CHAP);
+ }
+}
+
+static void
+chap_input(int unit, unsigned char *pkt, int pktlen)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_server_state *ss = &server;
+ unsigned char code, id;
+ int len;
+
+ if (pktlen < CHAP_HDRLEN)
+ return;
+ GETCHAR(code, pkt);
+ GETCHAR(id, pkt);
+ GETSHORT(len, pkt);
+ if (len < CHAP_HDRLEN || len > pktlen)
+ return;
+ len -= CHAP_HDRLEN;
+
+ switch (code) {
+ case CHAP_CHALLENGE:
+ chap_respond(cs, id, pkt, len);
+ break;
+ case CHAP_RESPONSE:
+ chap_handle_response(ss, id, pkt, len);
+ break;
+ case CHAP_FAILURE:
+ case CHAP_SUCCESS:
+ chap_handle_status(cs, code, id, pkt, len);
+ break;
+ }
+}
+
+static void
+chap_protrej(int unit)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_server_state *ss = &server;
+
+ if (ss->flags & TIMEOUT_PENDING) {
+ ss->flags &= ~TIMEOUT_PENDING;
+ UNTIMEOUT(chap_server_timeout, ss);
+ }
+ if (ss->flags & AUTH_STARTED) {
+ ss->flags = 0;
+ auth_peer_fail(0, PPP_CHAP);
+ }
+ if ((cs->flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) {
+ cs->flags &= ~AUTH_STARTED;
+ error("CHAP authentication failed due to protocol-reject");
+ auth_withpeer_fail(0, PPP_CHAP);
+ }
+}
+
+/*
+ * chap_print_pkt - print the contents of a CHAP packet.
+ */
+static char *chap_code_names[] = {
+ "Challenge", "Response", "Success", "Failure"
+};
+
+static int
+chap_print_pkt(unsigned char *p, int plen,
+ void (*printer)(void *, char *, ...), void *arg)
+{
+ int code, id, len;
+ int clen, nlen;
+ unsigned char x;
+
+ if (plen < CHAP_HDRLEN)
+ return 0;
+ GETCHAR(code, p);
+ GETCHAR(id, p);
+ GETSHORT(len, p);
+ if (len < CHAP_HDRLEN || len > plen)
+ return 0;
+
+ if (code >= 1 && code <= sizeof(chap_code_names) / sizeof(char *))
+ printer(arg, " %s", chap_code_names[code-1]);
+ else
+ printer(arg, " code=0x%x", code);
+ printer(arg, " id=0x%x", id);
+ len -= CHAP_HDRLEN;
+ switch (code) {
+ case CHAP_CHALLENGE:
+ case CHAP_RESPONSE:
+ if (len < 1)
+ break;
+ clen = p[0];
+ if (len < clen + 1)
+ break;
+ ++p;
+ nlen = len - clen - 1;
+ printer(arg, " <");
+ for (; clen > 0; --clen) {
+ GETCHAR(x, p);
+ printer(arg, "%.2x", x);
+ }
+ printer(arg, ">, name = ");
+ print_string((char *)p, nlen, printer, arg);
+ break;
+ case CHAP_FAILURE:
+ case CHAP_SUCCESS:
+ printer(arg, " ");
+ print_string((char *)p, len, printer, arg);
+ break;
+ default:
+ for (clen = len; clen > 0; --clen) {
+ GETCHAR(x, p);
+ printer(arg, " %.2x", x);
+ }
+ }
+
+ return len + CHAP_HDRLEN;
+}
+
+struct protent chap_protent = {
+ PPP_CHAP,
+ chap_init,
+ chap_input,
+ chap_protrej,
+ chap_lowerup,
+ chap_lowerdown,
+ NULL, /* open */
+ NULL, /* close */
+ chap_print_pkt,
+ NULL, /* datainput */
+ 1, /* enabled_flag */
+ "CHAP", /* name */
+ NULL, /* data_name */
+ chap_option_list,
+ NULL, /* check_options */
+};
--- /dev/null
+/*
+ * chap-new.c - New CHAP implementation.
+ *
+ * Copyright (c) 2003 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 3. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@samba.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PPP_CHAP_NEW_H
+#define PPP_CHAP_NEW_H
+
+#include "pppdconf.h"
+
+/*
+ * CHAP packets begin with a standard header with code, id, len (2 bytes).
+ */
+#define CHAP_HDRLEN 4
+
+/*
+ * Values for the code field.
+ */
+#define CHAP_CHALLENGE 1
+#define CHAP_RESPONSE 2
+#define CHAP_SUCCESS 3
+#define CHAP_FAILURE 4
+
+/*
+ * CHAP digest codes.
+ */
+#define CHAP_MD5 5
+#define CHAP_MICROSOFT 0x80
+#define CHAP_MICROSOFT_V2 0x81
+
+/*
+ * Semi-arbitrary limits on challenge and response fields.
+ */
+#define MAX_CHALLENGE_LEN 64
+#define MAX_RESPONSE_LEN 64
+
+/* bitmask of supported algorithms */
+#define MDTYPE_MICROSOFT_V2 0x1
+#define MDTYPE_MICROSOFT 0x2
+#define MDTYPE_MD5 0x4
+#define MDTYPE_NONE 0
+
+/* hashes supported by this instance of pppd */
+extern int chap_mdtype_all;
+
+/* Return the digest alg. ID for the most preferred digest type. */
+#define CHAP_DIGEST(mdtype) \
+ ((mdtype) & MDTYPE_MD5)? CHAP_MD5: \
+ ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \
+ ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \
+ 0
+
+/* Return the bit flag (lsb set) for our most preferred digest type. */
+#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype)
+
+/* Return the bit flag for a given digest algorithm ID. */
+#define CHAP_MDTYPE_D(digest) \
+ ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \
+ ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \
+ ((digest) == CHAP_MD5)? MDTYPE_MD5: \
+ 0
+
+/* Can we do the requested digest? */
+#define CHAP_CANDIGEST(mdtype, digest) \
+ ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \
+ ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \
+ ((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \
+ 0
+
+
+/*
+ * The code for each digest type has to supply one of these.
+ */
+struct chap_digest_type {
+ int code;
+
+ /*
+ * Note: challenge and response arguments below are formatted as
+ * a length byte followed by the actual challenge/response data.
+ */
+ void (*generate_challenge)(unsigned char *challenge);
+ int (*verify_response)(int id, char *name,
+ unsigned char *secret, int secret_len,
+ unsigned char *challenge, unsigned char *response,
+ char *message, int message_space);
+ void (*make_response)(unsigned char *response, int id, char *our_name,
+ unsigned char *challenge, char *secret, int secret_len,
+ unsigned char *priv);
+ int (*check_success)(int id, unsigned char *pkt, int len);
+ void (*handle_failure)(unsigned char *pkt, int len);
+
+ struct chap_digest_type *next;
+};
+
+/*
+ * This function will return a value of 1 to indicate that a plugin intend to supply
+ * a username or a password to pppd through the chap_passwd_hook callback.
+ *
+ * Return a value > 0 to avoid parsing the chap-secrets file.
+ */
+typedef int (chap_check_hook_fn)(void);
+extern chap_check_hook_fn *chap_check_hook;
+
+/*
+ * A plugin can chose to supply its own user and password overriding whatever
+ * has been provided by the configuration. Hook is only valid when pppd is
+ * acting as a client.
+ *
+ * The maximum size of the user argument is always MAXNAMELEN
+ * The length of the password is always MAXWORDLEN, however; secrets can't be
+ * longer than MAXSECRETLEN
+ *
+ * Return a value < 0 to fail the connection.
+ */
+typedef int (chap_passwd_hook_fn)(char *user, char *password);
+extern chap_passwd_hook_fn *chap_passwd_hook;
+
+/*
+ * A plugin can chose to replace the default chap_verify_response function with
+ * one of their own.
+ */
+typedef int (chap_verify_hook_fn)(char *name, char *ourname, int id,
+ struct chap_digest_type *digest,
+ unsigned char *challenge, unsigned char *response,
+ char *message, int message_space);
+extern chap_verify_hook_fn *chap_verify_hook;
+
+/* Called by digest code to register a digest type */
+extern void chap_register_digest(struct chap_digest_type *);
+
+/* Lookup a digest handler by type */
+extern struct chap_digest_type *chap_find_digest(int digest_code);
+
+/* Called by authentication code to start authenticating the peer. */
+extern void chap_auth_peer(int unit, char *our_name, int digest_code);
+
+/* Called by auth. code to start authenticating us to the peer. */
+extern void chap_auth_with_peer(int unit, char *our_name, int digest_code);
+
+/* Represents the CHAP protocol to the main pppd code */
+extern struct protent chap_protent;
+
+#endif
#include <linux/ppp-comp.h>
#endif
-#include "pppd.h"
-#include "chap-new.h"
+#include "pppd-private.h"
+#include "options.h"
+#include "chap.h"
#include "chap_ms.h"
#include "magic.h"
#include "mppe.h"
-#include "ppp-crypto.h"
-#include "pppcrypt.h"
+#include "crypto.h"
+#include "crypto_ms.h"
#ifdef UNIT_TEST
#undef PPP_WITH_MPPE
/*
* Command-line options.
*/
-static option_t chapms_option_list[] = {
+static struct option chapms_option_list[] = {
#ifdef PPP_WITH_MSLANMAN
{ "ms-lanman", o_bool, &ms_lanman,
"Use LanMan passwd when using MS-CHAP", 1 },
PPP_MD_CTX* ctx;
u_char hash[SHA_DIGEST_LENGTH];
int hash_len;
- char *user;
+ const char *user;
/* remove domain from "domain\username" */
if ((user = strrchr(username, '\\')) != NULL)
* Authenticator Response.
*/
void
-ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
+ChapMS2(unsigned char *rchallenge, unsigned char *PeerChallenge,
char *user, char *secret, int secret_len, unsigned char *response,
u_char authResponse[], int authenticator)
{
{
chap_register_digest(&chapms_digest);
chap_register_digest(&chapms2_digest);
- add_options(chapms_option_list);
+ ppp_add_options(chapms_option_list);
}
#else
void ChapMS2 (u_char *, u_char *, char *, char *, int,
u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int);
-void ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
+void ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
/**
--- /dev/null
+/* ppp-crypo-priv.h - Crypto private data structures
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef PPP_CRYPTO_PRIV_H
+#define PPP_CRYPTO_PRIV_H
+
+#include "crypto.h"
+
+#define MAX_KEY_SIZE 32
+#define MAX_IV_SIZE 32
+
+struct _PPP_MD
+{
+ int (*init_fn)(PPP_MD_CTX *ctx);
+ int (*update_fn)(PPP_MD_CTX *ctx, const void *data, size_t cnt);
+ int (*final_fn)(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *outlen);
+ void (*clean_fn)(PPP_MD_CTX *ctx);
+};
+
+struct _PPP_MD_CTX
+{
+ PPP_MD md;
+ void *priv;
+};
+
+struct _PPP_CIPHER
+{
+ int (*init_fn)(PPP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv);
+ int (*update_fn)(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl);
+ int (*final_fn)(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+ void (*clean_fn)(PPP_CIPHER_CTX *ctx);
+};
+
+struct _PPP_CIPHER_CTX
+{
+ PPP_CIPHER cipher;
+ unsigned char key[MAX_KEY_SIZE];
+ unsigned char iv[MAX_IV_SIZE];
+ int is_encr;
+ void *priv;
+};
+
+
+#endif
--- /dev/null
+/* ppp-crypto.c - Generic API for access to crypto/digest functions.
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "crypto.h"
+#include "crypto-priv.h"
+
+#ifdef PPP_WITH_OPENSSL
+#include <openssl/opensslv.h>
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+struct crypto_ctx {
+
+ OSSL_PROVIDER *legacy;
+ OSSL_PROVIDER *provider;
+} g_crypto_ctx;
+#endif
+
+PPP_MD_CTX *PPP_MD_CTX_new()
+{
+ return (PPP_MD_CTX*) calloc(1, sizeof(PPP_MD_CTX));
+}
+
+void PPP_MD_CTX_free(PPP_MD_CTX* ctx)
+{
+ if (ctx) {
+ if (ctx->md.clean_fn) {
+ ctx->md.clean_fn(ctx);
+ }
+ free(ctx);
+ }
+}
+
+int PPP_DigestInit(PPP_MD_CTX *ctx, const PPP_MD *type)
+{
+ if (ctx) {
+ ctx->md = *type;
+ if (ctx->md.init_fn) {
+ return ctx->md.init_fn(ctx);
+ }
+ }
+ return 0;
+}
+
+int PPP_DigestUpdate(PPP_MD_CTX *ctx, const void *data, size_t length)
+{
+ if (ctx && ctx->md.update_fn) {
+ return ctx->md.update_fn(ctx, data, length);
+ }
+ return 0;
+}
+
+int PPP_DigestFinal(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *outlen)
+{
+ if (ctx && ctx->md.final_fn) {
+ return ctx->md.final_fn(ctx, out, outlen);
+ }
+ return 0;
+}
+
+PPP_CIPHER_CTX *PPP_CIPHER_CTX_new(void)
+{
+ return calloc(1, sizeof(PPP_CIPHER_CTX));
+}
+
+void PPP_CIPHER_CTX_free(PPP_CIPHER_CTX *ctx)
+{
+ if (ctx) {
+ if (ctx->cipher.clean_fn) {
+ ctx->cipher.clean_fn(ctx);
+ }
+ memset(ctx->iv, 0, sizeof(ctx->iv));
+ memset(ctx->key, 0, sizeof(ctx->key));
+ free(ctx);
+ }
+}
+
+int PPP_CipherInit(PPP_CIPHER_CTX *ctx, const PPP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int encr)
+{
+ if (ctx && cipher) {
+ ctx->is_encr = encr;
+ ctx->cipher = *cipher;
+ if (ctx->cipher.init_fn) {
+ ctx->cipher.init_fn(ctx, key, iv);
+ }
+ return 1;
+ }
+ return 0;
+}
+
+int PPP_CipherUpdate(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl)
+{
+ if (ctx && ctx->cipher.update_fn) {
+ return ctx->cipher.update_fn(ctx, out, outl, in, inl);
+ }
+ return 0;
+}
+
+int PPP_CipherFinal(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ if (ctx && ctx->cipher.final_fn) {
+ return ctx->cipher.final_fn(ctx, out, outl);
+ }
+ return 0;
+}
+
+int PPP_crypto_init()
+{
+ int retval = 0;
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ g_crypto_ctx.legacy = OSSL_PROVIDER_load(NULL, "legacy");
+ if (g_crypto_ctx.legacy == NULL)
+ {
+ goto done;
+ }
+
+ g_crypto_ctx.provider = OSSL_PROVIDER_load(NULL, "default");
+ if (g_crypto_ctx.provider == NULL)
+ {
+ goto done;
+ }
+#endif
+ retval = 1;
+
+done:
+
+ return retval;
+}
+
+int PPP_crypto_deinit()
+{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ if (g_crypto_ctx.legacy) {
+ OSSL_PROVIDER_unload(g_crypto_ctx.legacy);
+ g_crypto_ctx.legacy = NULL;
+ }
+
+ if (g_crypto_ctx.provider) {
+ OSSL_PROVIDER_unload(g_crypto_ctx.provider);
+ g_crypto_ctx.provider = NULL;
+ }
+#endif
+ return 1;
+}
+
+#ifdef UNIT_TEST
+#include <stdio.h>
+
+int test_md4()
+{
+ PPP_MD_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char data[84] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e
+ };
+
+ unsigned int hash_len;
+ unsigned char hash[MD4_DIGEST_LENGTH];
+ unsigned char result[MD4_DIGEST_LENGTH] = {
+ 0x58, 0xcb, 0x37, 0x91, 0x1d, 0x06, 0x7b, 0xdf,
+ 0xfd, 0x48, 0x6d, 0x87, 0x4a, 0x35, 0x5b, 0xd4
+ };
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md4())) {
+
+ if (PPP_DigestUpdate(ctx, &data, sizeof(data))) {
+
+ hash_len = sizeof(hash);
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ if (memcmp(hash, result, MD4_DIGEST_LENGTH) == 0) {
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+int test_md5()
+{
+ PPP_MD_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char data[84] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e
+ };
+
+ unsigned int hash_len;
+ unsigned char hash[MD5_DIGEST_LENGTH];
+ unsigned char result[MD5_DIGEST_LENGTH] = {
+ 0x8b, 0xe3, 0x5e, 0x2c, 0x9f, 0x95, 0xbf, 0x4e,
+ 0x16, 0xe4, 0x53, 0xbe, 0x52, 0xf4, 0xbc, 0x4e
+ };
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, &data, sizeof(data))) {
+
+ hash_len = sizeof(hash);
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ if (memcmp(hash, result, MD5_DIGEST_LENGTH) == 0) {
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+int test_sha()
+{
+ PPP_MD_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char data[84] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e
+ };
+
+ unsigned int hash_len;
+ unsigned char hash[SHA_DIGEST_LENGTH];
+ unsigned char result[SHA_DIGEST_LENGTH] = {
+ 0xa8, 0x03, 0xae, 0x21, 0x30, 0xd8, 0x40, 0xbe,
+ 0x27, 0xa3, 0x47, 0xc7, 0x7a, 0x90, 0xe6, 0xa3,
+ 0x5b, 0xd5, 0x0e, 0x45
+ };
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, &data, sizeof(data))) {
+
+ hash_len = sizeof(hash);
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ if (memcmp(hash, result, SHA_DIGEST_LENGTH) == 0) {
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+int test_des_encrypt()
+{
+ PPP_CIPHER_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char key[8] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+ };
+
+ unsigned char plain[80] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20
+ };
+ unsigned char expect[80] = {
+ 0x45, 0xdb, 0x80, 0x45, 0x16, 0xd0, 0x6d, 0x60,
+ 0x92, 0x23, 0x4b, 0xd3, 0x9d, 0x36, 0xb8, 0x1a,
+ 0xa4, 0x1a, 0xf7, 0xb1, 0x60, 0xfb, 0x74, 0x16,
+ 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
+ 0x2b, 0xed, 0x68, 0x9d, 0x19, 0xd6, 0xb1, 0xb8,
+ 0x91, 0xff, 0xea, 0x62, 0xac, 0xe7, 0x49, 0xdd,
+ 0xfa, 0x4d, 0xa4, 0x01, 0x3f, 0xea, 0xca, 0xb4,
+ 0xb6, 0xdc, 0xd3, 0x04, 0x45, 0x07, 0x74, 0xed,
+ 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
+ 0xbb, 0x9b, 0x13, 0x31, 0xf4, 0xa9, 0x32, 0x49
+ };
+
+ unsigned char cipher[80] = {};
+ int cipher_len = 0;
+ int offset = 0;
+
+
+ ctx = PPP_CIPHER_CTX_new();
+ if (ctx) {
+
+ if (PPP_CipherInit(ctx, PPP_des_ecb(), key, NULL, 1)) {
+
+ if (PPP_CipherUpdate(ctx, cipher, &cipher_len, plain, sizeof(plain))) {
+
+ offset += cipher_len;
+
+ if (PPP_CipherFinal(ctx, cipher+offset, &cipher_len)) {
+
+ if (memcmp(cipher, expect, 80) == 0) {
+
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_CIPHER_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+
+int test_des_decrypt()
+{
+ PPP_CIPHER_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char key[8] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+ };
+
+ unsigned char cipher[80] = {
+ 0x45, 0xdb, 0x80, 0x45, 0x16, 0xd0, 0x6d, 0x60,
+ 0x92, 0x23, 0x4b, 0xd3, 0x9d, 0x36, 0xb8, 0x1a,
+ 0xa4, 0x1a, 0xf7, 0xb1, 0x60, 0xfb, 0x74, 0x16,
+ 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
+ 0x2b, 0xed, 0x68, 0x9d, 0x19, 0xd6, 0xb1, 0xb8,
+ 0x91, 0xff, 0xea, 0x62, 0xac, 0xe7, 0x49, 0xdd,
+ 0xfa, 0x4d, 0xa4, 0x01, 0x3f, 0xea, 0xca, 0xb4,
+ 0xb6, 0xdc, 0xd3, 0x04, 0x45, 0x07, 0x74, 0xed,
+ 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
+ 0xbb, 0x9b, 0x13, 0x31, 0xf4, 0xa9, 0x32, 0x49
+ };
+
+ unsigned char expect[80] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20
+ };
+
+ unsigned char plain[80] = {};
+ int outlen = 0;
+ int offset = 0;
+
+ ctx = PPP_CIPHER_CTX_new();
+ if (ctx) {
+
+ if (PPP_CipherInit(ctx, PPP_des_ecb(), key, NULL, 0)) {
+
+ if (PPP_CipherUpdate(ctx, plain, &outlen, cipher, sizeof(cipher))) {
+
+ offset += outlen;
+
+ if (PPP_CipherFinal(ctx, plain+offset, &outlen)) {
+
+ if (memcmp(plain, expect, 80) == 0) {
+
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_CIPHER_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+int main(int argc, char *argv[])
+{
+ int failure = 0;
+
+ if (!PPP_crypto_init()) {
+ printf("Couldn't initialize crypto test\n");
+ return -1;
+ }
+
+ if (!test_md4()) {
+ printf("MD4 test failed\n");
+ failure++;
+ }
+
+ if (!test_md5()) {
+ printf("MD5 test failed\n");
+ failure++;
+ }
+
+ if (!test_sha()) {
+ printf("SHA test failed\n");
+ failure++;
+ }
+
+ if (!test_des_encrypt()) {
+ printf("DES encryption test failed\n");
+ failure++;
+ }
+
+ if (!test_des_decrypt()) {
+ printf("DES decryption test failed\n");
+ failure++;
+ }
+
+ if (!PPP_crypto_deinit()) {
+ printf("Couldn't deinitialize crypto test\n");
+ return -1;
+ }
+
+ return failure;
+}
+
+#endif
--- /dev/null
+/* ppp-crypto.h - Generic API for access to crypto/digest functions.
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PPP_CRYPTO_H
+#define PPP_CRYPTO_H
+
+#ifndef MD5_DIGEST_LENGTH
+#define MD5_DIGEST_LENGTH 16
+#endif
+
+#ifndef MD4_DIGEST_LENGTH
+#define MD4_DIGEST_LENGTH 16
+#endif
+
+#ifndef SHA_DIGEST_LENGTH
+#define SHA_DIGEST_LENGTH 20
+#endif
+
+struct _PPP_MD_CTX;
+struct _PPP_MD;
+
+typedef struct _PPP_MD_CTX PPP_MD_CTX;
+typedef struct _PPP_MD PPP_MD;
+
+/*
+ * Create a new Message Digest context object
+ */
+PPP_MD_CTX *PPP_MD_CTX_new();
+
+/*
+ * Free the Message Digest context
+ */
+void PPP_MD_CTX_free(PPP_MD_CTX*);
+
+/*
+ * Fetch the MD4 algorithm
+ */
+const PPP_MD *PPP_md4(void);
+
+/*
+ * Fetch the MD5 algorithm
+ */
+const PPP_MD *PPP_md5(void);
+
+/*
+ * Fetch the SHA1 algorithm
+ */
+const PPP_MD *PPP_sha1(void);
+
+/*
+ * Initializes a context object
+ */
+int PPP_DigestInit(PPP_MD_CTX *ctx,
+ const PPP_MD *type);
+
+/*
+ * For each iteration update the context with more input
+ */
+int PPP_DigestUpdate(PPP_MD_CTX *ctx,
+ const void *data, size_t cnt);
+
+/*
+ * Perform the final operation, and output the digest
+ */
+int PPP_DigestFinal(PPP_MD_CTX *ctx,
+ unsigned char *out, unsigned int *outlen);
+
+
+struct _PPP_CIPHER_CTX;
+struct _PPP_CIPHER;
+
+typedef struct _PPP_CIPHER_CTX PPP_CIPHER_CTX;
+typedef struct _PPP_CIPHER PPP_CIPHER;
+
+
+/*
+ * Create a new Cipher Context
+ */
+PPP_CIPHER_CTX *PPP_CIPHER_CTX_new(void);
+
+/*
+ * Release the Cipher Context
+ */
+void PPP_CIPHER_CTX_free(PPP_CIPHER_CTX *ctx);
+
+/*
+ * Fetch the DES in ECB mode cipher algorithm
+ */
+const PPP_CIPHER *PPP_des_ecb(void);
+
+/*
+ * Set the particular data directly
+ */
+void PPP_CIPHER_CTX_set_cipher_data(PPP_CIPHER_CTX *ctx,
+ const unsigned char *key);
+
+/*
+ * Initialize the crypto operation
+ */
+int PPP_CipherInit(PPP_CIPHER_CTX *ctx,
+ const PPP_CIPHER *cipher,
+ const unsigned char *key,
+ const unsigned char *iv,
+ int encr);
+
+/*
+ * Encrypt input data, and store it in the output buffer
+ */
+int PPP_CipherUpdate(PPP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+
+/*
+ * Finish the crypto operation, and fetch any outstanding bytes
+ */
+int PPP_CipherFinal(PPP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl);
+
+/*
+ * Global initialization, must be called once per process
+ */
+int PPP_crypto_init();
+
+/*
+ * Global deinitialization
+ */
+int PPP_crypto_deinit();
+
+#endif
--- /dev/null
+/*
+ * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1
+ *
+ * Extracted from chap_ms.c by James Carlson.
+ *
+ * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sections of this code holds different copyright information.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stddef.h>
+
+#include "crypto.h"
+#include "crypto_ms.h"
+
+
+/*
+ * DES_set_odd_parity function are imported from openssl 3.0 project with the
+ * follwoing license:
+ *
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+typedef unsigned char DES_cblock[8];
+#define DES_KEY_SZ (sizeof(DES_cblock))
+
+static const unsigned char odd_parity[256] = {
+ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+ 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110,
+ 110,
+ 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127,
+ 127,
+ 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
+ 143,
+ 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158,
+ 158,
+ 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174,
+ 174,
+ 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191,
+ 191,
+ 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206,
+ 206,
+ 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223,
+ 223,
+ 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239,
+ 239,
+ 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
+ 254
+};
+
+static void DES_set_odd_parity(DES_cblock *key)
+{
+ unsigned int i;
+ for (i = 0; i < DES_KEY_SZ; i++)
+ (*key)[i] = odd_parity[(*key)[i]];
+}
+
+static unsigned char
+Get7Bits(const unsigned char *input, int startBit)
+{
+ unsigned int word;
+
+ word = (unsigned)input[startBit / 8] << 8;
+ word |= (unsigned)input[startBit / 8 + 1];
+
+ word >>= 15 - (startBit % 8 + 7);
+
+ return word & 0xFE;
+}
+
+static void
+MakeKey(const unsigned char *key, unsigned char *des_key)
+{
+ /* key IN 56 bit DES key missing parity bits */
+ /* des_key OUT 64 bit DES key with parity bits added */
+ des_key[0] = Get7Bits(key, 0);
+ des_key[1] = Get7Bits(key, 7);
+ des_key[2] = Get7Bits(key, 14);
+ des_key[3] = Get7Bits(key, 21);
+ des_key[4] = Get7Bits(key, 28);
+ des_key[5] = Get7Bits(key, 35);
+ des_key[6] = Get7Bits(key, 42);
+ des_key[7] = Get7Bits(key, 49);
+
+ DES_set_odd_parity((DES_cblock *)des_key);
+}
+
+#include <openssl/evp.h>
+
+int
+DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher)
+{
+ int retval = 0;
+ unsigned int clen = 0;
+ unsigned char des_key[8];
+
+ PPP_CIPHER_CTX *ctx = PPP_CIPHER_CTX_new();
+ if (ctx) {
+
+ MakeKey(key, des_key);
+
+ if (PPP_CipherInit(ctx, PPP_des_ecb(), des_key, NULL, 1)) {
+
+ if (PPP_CipherUpdate(ctx, cipher, &clen, clear, 8)) {
+
+ if (PPP_CipherFinal(ctx, cipher + clen, &clen)) {
+
+ retval = 1;
+ }
+ }
+ }
+
+ PPP_CIPHER_CTX_free(ctx);
+ }
+
+ return (retval);
+}
+
+int
+DesDecrypt(unsigned char *cipher, unsigned char *key, unsigned char *clear)
+{
+ int retval = 0;
+ unsigned int clen = 0;
+ unsigned char des_key[8];
+
+ PPP_CIPHER_CTX *ctx = PPP_CIPHER_CTX_new();
+ if (ctx) {
+
+ MakeKey(key, des_key);
+
+ if (PPP_CipherInit(ctx, PPP_des_ecb(), des_key, NULL, 0)) {
+
+ if (PPP_CipherUpdate(ctx, clear, &clen, cipher, 8)) {
+
+ if (PPP_CipherFinal(ctx, clear + clen, &clen)) {
+
+ retval = 1;
+ }
+ }
+ }
+
+ PPP_CIPHER_CTX_free(ctx);
+ }
+
+ return (retval);
+}
+
+#ifdef UNIT_TEST_MSCRYPTO
+
+#include <string.h>
+#include <stdio.h>
+
+/**
+ * The test-vectors are taken from RFC2759.
+ */
+int test_encrypt()
+{
+ unsigned char Challenge[8] = {
+ 0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26
+ };
+
+ unsigned char ZPasswordHash[21] = {
+ 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
+ 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
+ };
+
+ unsigned char expected[24] = {
+ 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
+ 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
+ 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
+ };
+ unsigned char response[24] = {};
+ unsigned int retval = 0;
+
+ DesEncrypt(Challenge, ZPasswordHash + 0, response + 0);
+ DesEncrypt(Challenge, ZPasswordHash + 7, response + 8);
+ DesEncrypt(Challenge, ZPasswordHash + 14, response + 16);
+
+ return memcmp(response, expected, sizeof(response)) == 0;
+}
+
+int test_decrypt()
+{
+ unsigned char Challenge[8] = {
+ 0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26
+ };
+
+ unsigned char ZPasswordHash[21] = {
+ 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
+ 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
+ };
+
+ unsigned char Response[24] = {
+ 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
+ 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
+ 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
+ };
+ unsigned char Output[8];
+ unsigned int failure = 0;
+
+ if (DesDecrypt(Response + 0, ZPasswordHash + 0, Output)) {
+ failure += memcmp(Challenge, Output, sizeof(Challenge));
+ }
+
+ if (DesDecrypt(Response + 8, ZPasswordHash + 7, Output)) {
+ failure += memcmp(Challenge, Output, sizeof(Challenge));
+ }
+
+ if (DesDecrypt(Response +16, ZPasswordHash +14, Output)) {
+ failure += memcmp(Challenge, Output, sizeof(Challenge));
+ }
+
+ return failure == 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int failure = 0;
+
+ if (!PPP_crypto_init()) {
+ printf("Couldn't initialize crypto test\n");
+ return -1;
+ }
+
+ if (!test_encrypt()) {
+ printf("CHAP DES encryption test failed\n");
+ failure++;
+ }
+
+ if (!test_decrypt()) {
+ printf("CHAP DES decryption test failed\n");
+ failure++;
+ }
+
+ if (!PPP_crypto_deinit()) {
+ printf("Couldn't deinitialize crypto test\n");
+ return -1;
+ }
+
+ return failure;
+}
+
+#endif
--- /dev/null
+/*
+ * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1
+ *
+ * Extracted from chap_ms.c by James Carlson.
+ * Updated to better reflect RFC2759 by Eivind Naess
+ *
+ * Copyright (c) 2022 Eivind Naess. All rights reserved.
+ * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef PPP_PPPCRYPT_H
+#define PPP_PPPCRYPT_H
+
+#include "pppdconf.h"
+
+/**
+ * This is the DES encrypt functions as described by RFC2759.
+ *
+ * Parameters:
+ * unsigned char *clear:
+ * A 8 byte input array to be encrypted
+ *
+ * unsigned char *key:
+ * A raw 7-byte array to be expanded to 8 with odd-parity
+ *
+ * unsigned char *cipher:
+ * A 8 byte outut array providing space for the output data
+ *
+ * DesEncrypt returns 1 on success
+ */
+int DesEncrypt(unsigned char *clear, unsigned char *key,
+ unsigned char *cipher);
+
+/**
+ * This is the DES decrypt functions as described by RFC2759.
+ *
+ * Parameters:
+ * unsigned char *cipher:
+ * A 8 byte input array to be decrypted
+ *
+ * unsigned char *key:
+ * A raw 7-byte array to be expanded to a 8-byte key with odd-parity
+ *
+ * unsigned char *clear:
+ * A 8 byte output array providing space for the output data
+ *
+ * DesDecrypt returns 1 on success
+ */
+int DesDecrypt(unsigned char *cipher, unsigned char *key,
+ unsigned char *clear);
+
+#endif /* PPP_PPPCRYPT_H */
#include <pcap-bpf.h>
#endif
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
#include "ipcp.h"
#include "lcp.h"
flush_flag = 0;
fcs = PPP_INITFCS;
- netif_set_mtu(0, MIN(lcp_allowoptions[0].mru, PPP_MRU));
+ ppp_set_mtu(0, MIN(lcp_allowoptions[0].mru, PPP_MRU));
if (ppp_send_config(0, PPP_MRU, (u_int32_t) 0, 0, 0) < 0
|| ppp_recv_config(0, PPP_MRU, (u_int32_t) 0, 0, 0) < 0)
fatal("Couldn't set up demand-dialled PPP interface: %m");
#include <openssl/x509v3.h>
#include <openssl/pkcs12.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "tls.h"
#include "eap.h"
#include "eap-tls.h"
#include <assert.h>
#include <errno.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "pathnames.h"
-#include "ppp-crypto.h"
-#include "pppcrypt.h"
+#include "crypto.h"
+#include "crypto_ms.h"
#include "eap.h"
#ifdef PPP_WITH_PEAP
#include "peap.h"
#endif /* PPP_WITH_EAPTLS */
#ifdef PPP_WITH_CHAPMS
+#include "chap.h"
#include "chap_ms.h"
-#include "chap-new.h"
extern int chapms_strip_domain;
#endif /* PPP_WITH_CHAPMS */
/*
* Command-line options.
*/
-static option_t eap_option_list[] = {
+static struct option eap_option_list[] = {
{ "eap-restart", o_int, &eap_states[0].es_server.ea_timeout,
"Set retransmit timeout for EAP Requests (server)" },
{ "eap-max-sreq", o_int, &eap_states[0].es_server.ea_maxrequests,
#endif /* PPP_WITH_EAPTLS */
#ifdef PPP_WITH_CHAPMS
u_char opcode;
- int (*chap_verifier)(char *, char *, int, struct chap_digest_type *,
- unsigned char *, unsigned char *, char *, int);
+ chap_verify_hook_fn *chap_verifier;
char response_message[256];
#endif /* PPP_WITH_CHAPMS */
char *ea_name; /* Our name */
char *ea_peer; /* Peer's name */
void *ea_session; /* Authentication library linkage */
- u_char *ea_skey; /* Shared encryption key */
+ unsigned char *ea_skey; /* Shared encryption key */
int ea_timeout; /* Time to wait (for retransmit/fail) */
int ea_maxrequests; /* Max Requests allowed */
- u_short ea_namelen; /* Length of our name */
- u_short ea_peerlen; /* Length of peer's name */
+ unsigned short ea_namelen; /* Length of our name */
+ unsigned short ea_peerlen; /* Length of peer's name */
enum eap_state_code ea_state;
#ifdef PPP_WITH_EAPTLS
enum eap_state_code ea_prev_state;
#ifdef PPP_WITH_CHAPMS
struct chap_digest_type *digest;
#endif
- u_char ea_id; /* Current id */
- u_char ea_requests; /* Number of Requests sent/received */
- u_char ea_responses; /* Number of Responses */
- u_char ea_type; /* One of EAPT_* */
- u_int32_t ea_keyflags; /* SRP shared key usage flags */
+ unsigned char ea_id; /* Current id */
+ unsigned char ea_requests; /* Number of Requests sent/received */
+ unsigned char ea_responses; /* Number of Responses */
+ unsigned char ea_type; /* One of EAPT_* */
+ uint32_t ea_keyflags; /* SRP shared key usage flags */
#ifdef PPP_WITH_EAPTLS
bool ea_using_eaptls;
#endif
bool es_usepseudo; /* Use SRP Pseudonym if offered one */
int es_usedpseudo; /* Set if we already sent PN */
int es_challen; /* Length of challenge string */
- u_char es_challenge[MAX_CHALLENGE_LENGTH];
+ unsigned char es_challenge[MAX_CHALLENGE_LENGTH];
} eap_state;
/*
extern struct protent eap_protent;
+#ifdef PPP_WITH_EAPTLS
+typedef int (eaptls_passwd_hook_fn)(char *user, char *passwd);
+extern eaptls_passwd_hook_fn *eaptls_passwd_hook;
+#endif
+
#ifdef __cplusplus
}
#endif
#include <string.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "ecp.h"
-static option_t ecp_option_list[] = {
+static struct option ecp_option_list[] = {
{ "noecp", o_bool, &ecp_protent.enabled_flag,
"Disable ECP negotiation" },
{ "-ecp", o_bool, &ecp_protent.enabled_flag,
#include "config.h"
#endif
-#include "pppd.h"
+#include "pppd-private.h"
/*
#include "pppdconf.h"
-#if !defined(PPP_WITH_IPV6CP)
-#error "this file should only be included when PPP_WITH_IPV6CP is defined"
-#endif /* not defined(PPP_WITH_IPV6CP) */
+#if defined(SOL2)
+#include <netinet/in.h>
+
+typedef union {
+ uint8_t e8[8]; /* lower 64-bit IPv6 address */
+ uint32_t e32[2]; /* lower 64-bit IPv6 address */
+} eui64_t;
+
+/*
+ * Declare the two below, since in.h only defines them when _KERNEL
+ * is declared - which shouldn't be true when dealing with user-land programs
+ */
+#define s6_addr8 _S6_un._S6_u8
+#define s6_addr32 _S6_un._S6_u32
+
+#else /* else if not defined(SOL2) */
+
+/*
+ * TODO:
+ *
+ * Maybe this should be done by processing struct in6_addr directly...
+ */
+typedef union
+{
+ u_int8_t e8[8];
+ u_int16_t e16[4];
+ u_int32_t e32[2];
+} eui64_t;
+
+#endif /* defined(SOL2) */
#define eui64_iszero(e) (((e).e32[0] | (e).e32[1]) == 0)
#define eui64_equals(e, o) (((e).e32[0] == (o).e32[0]) && \
#include <string.h>
#include <sys/types.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
int protocol; /* Data Link Layer Protocol field value */
int state; /* State */
int flags; /* Contains option bits */
- u_char id; /* Current id */
- u_char reqid; /* Current request id */
- u_char seen_ack; /* Have received valid Ack/Nak/Rej to Req */
+ unsigned char id; /* Current id */
+ unsigned char reqid; /* Current request id */
+ unsigned char seen_ack; /* Have received valid Ack/Nak/Rej to Req */
int timeouttime; /* Timeout time in milliseconds */
int maxconfreqtransmits; /* Maximum Configure-Request transmissions */
int retransmits; /* Number of retransmissions left */
void (*resetci)(fsm *); /* Reset our Configuration Information */
int (*cilen)(fsm *); /* Length of our Configuration Information */
void (*addci) /* Add our Configuration Information */
- (fsm *, u_char *, int *);
+ (fsm *, unsigned char *, int *);
int (*ackci) /* ACK our Configuration Information */
- (fsm *, u_char *, int);
+ (fsm *, unsigned char *, int);
int (*nakci) /* NAK our Configuration Information */
- (fsm *, u_char *, int, int);
+ (fsm *, unsigned char *, int, int);
int (*rejci) /* Reject our Configuration Information */
- (fsm *, u_char *, int);
+ (fsm *, unsigned char *, int);
int (*reqci) /* Request peer's Configuration Information */
- (fsm *, u_char *, int *, int);
+ (fsm *, unsigned char *, int *, int);
void (*up)(fsm *); /* Called when fsm reaches OPENED state */
void (*down)(fsm *); /* Called when fsm leaves OPENED state */
void (*starting)(fsm *); /* Called when we want the lower layer */
void (*protreject)(int); /* Called when Protocol-Reject received */
void (*retransmit)(fsm *); /* Retransmission is necessary */
int (*extcode) /* Called when unknown code received */
- (fsm *, int, int, u_char *, int);
+ (fsm *, int, int, unsigned char *, int);
char *proto_name; /* String name for protocol (for messages) */
} fsm_callbacks;
void fsm_lowerdown (fsm *);
void fsm_open (fsm *);
void fsm_close (fsm *, char *);
-void fsm_input (fsm *, u_char *, int);
+void fsm_input (fsm *, unsigned char *, int);
void fsm_protreject (fsm *);
-void fsm_sdata (fsm *, int, int, u_char *, int);
+void fsm_sdata (fsm *, int, int, unsigned char *, int);
/*
#include "config.h"
#endif
-/*
- * TODO:
- */
-
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <arpa/inet.h>
#include <net/if.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "ipcp.h"
#include "pathnames.h"
ipcp_options ipcp_allowoptions[NUM_PPP]; /* Options we allow peer to request */
ipcp_options ipcp_hisoptions[NUM_PPP]; /* Options that we ack'd */
+char *ipparam = NULL; /* Extra parameter for ip up/down scripts */
u_int32_t netmask = 0; /* IP netmask to set on interface */
bool disable_defaultip = 0; /* Don't use hostname for default IP adrs */
bool noremoteip = 0; /* Let him have no IP address */
-/* Hook for a plugin to know when IP protocol has come up */
-void (*ip_up_hook)(void) = NULL;
-
-/* Hook for a plugin to know when IP protocol has come down */
-void (*ip_down_hook)(void) = NULL;
+ip_up_hook_fn *ip_up_hook = NULL;
+ip_down_hook_fn *ip_down_hook = NULL;
+ip_choose_hook_fn *ip_choose_hook = NULL;
-/* Hook for a plugin to choose the remote IP address */
-void (*ip_choose_hook)(u_int32_t *) = NULL;
/* Notifiers for when IPCP goes up and down */
struct notifier *ip_up_notifier = NULL;
static int setwinsaddr (char **);
static int setnetmask (char **);
int setipaddr (char *, char **, int);
-static void printipaddr (option_t *, void (*)(void *, char *,...),void *);
+static void printipaddr (struct option *, void (*)(void *, char *,...),void *);
-static option_t ipcp_option_list[] = {
+static struct option ipcp_option_list[] = {
{ "noip", o_bool, &ipcp_protent.enabled_flag,
"Disable IP and IPCP" },
{ "-ip", o_bool, &ipcp_protent.enabled_flag,
{
int value;
- if (!int_option(*argv, &value))
+ if (!ppp_int_option(*argv, &value))
return 0;
if (value < 2 || value > 16) {
- option_error("vj-max-slots value must be between 2 and 16");
+ ppp_option_error("vj-max-slots value must be between 2 and 16");
return 0;
}
ipcp_wantoptions [0].maxslotindex =
dns = inet_addr(*argv);
if (dns == (u_int32_t) -1) {
if ((hp = gethostbyname(*argv)) == NULL) {
- option_error("invalid address parameter '%s' for ms-dns option",
+ ppp_option_error("invalid address parameter '%s' for ms-dns option",
*argv);
return 0;
}
wins = inet_addr(*argv);
if (wins == (u_int32_t) -1) {
if ((hp = gethostbyname(*argv)) == NULL) {
- option_error("invalid address parameter '%s' for ms-wins option",
+ ppp_option_error("invalid address parameter '%s' for ms-wins option",
*argv);
return 0;
}
*colon = '\0';
if ((local = inet_addr(arg)) == (u_int32_t) -1) {
if ((hp = gethostbyname(arg)) == NULL) {
- option_error("unknown host: %s", arg);
+ ppp_option_error("unknown host: %s", arg);
return 0;
}
local = *(u_int32_t *)hp->h_addr;
}
- if (bad_ip_adrs(local)) {
- option_error("bad local IP address %s", ip_ntoa(local));
+ if (ppp_bad_ip_addr(local)) {
+ ppp_option_error("bad local IP address %s", ip_ntoa(local));
return 0;
}
if (local != 0)
if (*++colon != '\0' && option_priority >= prio_remote) {
if ((remote = inet_addr(colon)) == (u_int32_t) -1) {
if ((hp = gethostbyname(colon)) == NULL) {
- option_error("unknown host: %s", colon);
+ ppp_option_error("unknown host: %s", colon);
return 0;
}
remote = *(u_int32_t *)hp->h_addr;
if (remote_name[0] == 0)
strlcpy(remote_name, colon, sizeof(remote_name));
}
- if (bad_ip_adrs(remote)) {
- option_error("bad remote IP address %s", ip_ntoa(remote));
+ if (ppp_bad_ip_addr(remote)) {
+ ppp_option_error("bad remote IP address %s", ip_ntoa(remote));
return 0;
}
if (remote != 0)
}
static void
-printipaddr(option_t *opt, void (*printer) (void *, char *, ...), void *arg)
+printipaddr(struct option *opt, void (*printer) (void *, char *, ...), void *arg)
{
ipcp_options *wo = &ipcp_wantoptions[0];
mask = htonl(mask);
if (n == 0 || p[n] != 0 || (netmask & ~mask) != 0) {
- option_error("invalid netmask value '%s'", *argv);
+ ppp_option_error("invalid netmask value '%s'", *argv);
return 0;
}
return p - p0;
}
+const char *ppp_ipparam()
+{
+ return ipparam;
+}
+
/*
* ipcp_init - Initialize IPCP.
wo->accept_local = 1; /* don't insist on this default value */
if ((hp = gethostbyname(hostname)) != NULL) {
local = *(u_int32_t *)hp->h_addr;
- if (local != 0 && !bad_ip_adrs(local))
+ if (local != 0 && !ppp_bad_ip_addr(local))
wo->ouraddr = local;
}
}
warn("Could not determine remote IP address: defaulting to %I",
ho->hisaddr);
}
- script_setenv("IPLOCAL", ip_ntoa(go->ouraddr), 0);
+ ppp_script_setenv("IPLOCAL", ip_ntoa(go->ouraddr), 0);
if (ho->hisaddr != 0)
- script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr), 1);
+ ppp_script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr), 1);
if (!go->req_dns1)
go->dnsaddr[0] = 0;
if (!go->req_dns2)
go->dnsaddr[1] = 0;
if (go->dnsaddr[0])
- script_setenv("DNS1", ip_ntoa(go->dnsaddr[0]), 0);
+ ppp_script_setenv("DNS1", ip_ntoa(go->dnsaddr[0]), 0);
if (go->dnsaddr[1])
- script_setenv("DNS2", ip_ntoa(go->dnsaddr[1]), 0);
+ ppp_script_setenv("DNS2", ip_ntoa(go->dnsaddr[1]), 0);
if (usepeerdns && (go->dnsaddr[0] || go->dnsaddr[1])) {
- script_setenv("USEPEERDNS", "1", 0);
+ ppp_script_setenv("USEPEERDNS", "1", 0);
create_resolv(go->dnsaddr[0], go->dnsaddr[1]);
}
if (go->winsaddr[0])
- script_setenv("WINS1", ip_ntoa(go->winsaddr[0]), 0);
+ ppp_script_setenv("WINS1", ip_ntoa(go->winsaddr[0]), 0);
if (go->winsaddr[1])
- script_setenv("WINS2", ip_ntoa(go->winsaddr[1]), 0);
+ ppp_script_setenv("WINS2", ip_ntoa(go->winsaddr[1]), 0);
if (usepeerwins && (go->winsaddr[0] || go->winsaddr[1]))
- script_setenv("USEPEERWINS", "1", 0);
+ ppp_script_setenv("USEPEERWINS", "1", 0);
/*
* Check that the peer is allowed to use the IP address it wants.
wo->replace_default_route);
if (go->ouraddr != wo->ouraddr) {
warn("Local IP address changed to %I", go->ouraddr);
- script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0);
+ ppp_script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0);
wo->ouraddr = go->ouraddr;
} else
- script_unsetenv("OLDIPLOCAL");
+ ppp_script_unsetenv("OLDIPLOCAL");
if (ho->hisaddr != wo->hisaddr) {
warn("Remote IP address changed to %I", ho->hisaddr);
if (wo->hisaddr != 0)
- script_setenv("OLDIPREMOTE", ip_ntoa(wo->hisaddr), 0);
+ ppp_script_setenv("OLDIPREMOTE", ip_ntoa(wo->hisaddr), 0);
wo->hisaddr = ho->hisaddr;
} else
- script_unsetenv("OLDIPREMOTE");
+ ppp_script_unsetenv("OLDIPREMOTE");
/* Set the interface to the new addresses */
mask = GetMask(go->ouraddr);
* before the interface is marked down. */
/* XXX more correct: we must get the stats before running the notifiers,
* at least for the radius plugin */
- update_link_stats(f->unit);
+ ppp_get_link_stats(NULL);
notify(ip_down_notifier, 0);
if (ip_down_hook)
ip_down_hook();
int vj_protocol; /* protocol value to use in VJ option */
int maxslotindex; /* values for RFC1332 VJ compression neg. */
bool cflag;
- u_int32_t ouraddr, hisaddr; /* Addresses in NETWORK BYTE ORDER */
- u_int32_t dnsaddr[2]; /* Primary and secondary MS DNS entries */
- u_int32_t winsaddr[2]; /* Primary and secondary MS WINS entries */
+ uint32_t ouraddr, hisaddr; /* Addresses in NETWORK BYTE ORDER */
+ uint32_t dnsaddr[2]; /* Primary and secondary MS DNS entries */
+ uint32_t winsaddr[2]; /* Primary and secondary MS WINS entries */
} ipcp_options;
extern fsm ipcp_fsm[];
extern ipcp_options ipcp_allowoptions[];
extern ipcp_options ipcp_hisoptions[];
-char *ip_ntoa(u_int32_t);
+char *ip_ntoa(uint32_t);
extern struct protent ipcp_protent;
+/*
+ * Hook for a plugin to know when IP protocol has come up
+ */
+typedef void (ip_up_hook_fn)(void);
+extern ip_up_hook_fn *ip_up_hook;
+
+/*
+ * Hook for a plugin to know when IP protocol has come down
+ */
+typedef void (ip_down_hook_fn)(void);
+extern ip_down_hook_fn *ip_down_hook;
+
+/*
+ * Hook for a plugin to choose the remote IP address
+ */
+typedef void (ip_choose_hook_fn)(uint32_t *);
+extern ip_choose_hook_fn *ip_choose_hook;
+
#endif /* PPP_IPCP_H */
#include <netinet/in.h>
#include <arpa/inet.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "eui64.h"
#include "ipcp.h"
static int ipv6cp_is_up;
static bool ipv6cp_noremote;
-/* Hook for a plugin to know when IPv6 protocol has come up */
-void (*ipv6_up_hook)(void) = NULL;
-
-/* Hook for a plugin to know when IPv6 protocol has come down */
-void (*ipv6_down_hook)(void) = NULL;
+ipv6_up_hook_fn *ipv6_up_hook = NULL;
+ipv6_down_hook_fn *ipv6_down_hook = NULL;
/* Notifiers for when IPCPv6 goes up and down */
struct notifier *ipv6_up_notifier = NULL;
* Command-line options.
*/
static int setifaceid (char **arg);
-static void printifaceid (option_t *,
+static void printifaceid (struct option *,
void (*)(void *, char *, ...), void *);
-static option_t ipv6cp_option_list[] = {
+static struct option ipv6cp_option_list[] = {
{ "ipv6", o_special, (void *)setifaceid,
"Set interface identifiers for IPV6",
OPT_A2PRINTER, (void *)printifaceid },
*comma = '\0';
if (inet_pton(AF_INET6, arg, &addr) == 0 || !VALIDID(addr)) {
- option_error("Illegal interface identifier (local): %s", arg);
+ ppp_option_error("Illegal interface identifier (local): %s", arg);
return 0;
}
*/
if (*comma != 0 && *++comma != '\0') {
if (inet_pton(AF_INET6, comma, &addr) == 0 || !VALIDID(addr)) {
- option_error("Illegal interface identifier (remote): %s", comma);
+ ppp_option_error("Illegal interface identifier (remote): %s", comma);
return 0;
}
if (option_priority >= prio_remote) {
char *llv6_ntoa(eui64_t ifaceid);
static void
-printifaceid(option_t *opt, void (*printer) (void *, char *, ...), void *arg)
+printifaceid(struct option *opt, void (*printer) (void *, char *, ...), void *arg)
{
ipv6cp_options *wo = &ipv6cp_wantoptions[0];
return;
}
}
- script_setenv("LLLOCAL", llv6_ntoa(go->ourid), 0);
+ ppp_script_setenv("LLLOCAL", llv6_ntoa(go->ourid), 0);
if (!eui64_iszero(ho->hisid))
- script_setenv("LLREMOTE", llv6_ntoa(ho->hisid), 0);
+ ppp_script_setenv("LLREMOTE", llv6_ntoa(ho->hisid), 0);
#ifdef IPV6CP_COMP
/* set tcp compression */
ipv6cp_down(fsm *f)
{
IPV6CPDEBUG(("ipv6cp: down"));
- update_link_stats(f->unit);
+ ppp_get_link_stats(NULL);
notify(ipv6_down_notifier, 0);
if (ipv6_down_hook)
ipv6_down_hook();
extern struct protent ipv6cp_protent;
+/*
+ * Hook for a plugin to know when IPv6 protocol has come up
+ */
+typedef void (ipv6_up_hook_fn)(void);
+extern ipv6_up_hook_fn *ipv6_up_hook;
+
+/*
+ * Hook for a plugin to know when IPv6 protocol has come down
+ */
+typedef void (ipv6_down_hook_fn)(void);
+extern ipv6_down_hook_fn *ipv6_down_hook;
+
#endif
#include <string.h>
#include <stdlib.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "lcp.h"
#include "eap.h"
-#include "chap-new.h"
+#include "chap.h"
#include "magic.h"
-
+#include "multilink.h"
/*
* When the link comes up we want to be able to wait for a short while,
static void printendpoint(option_t *, void (*)(void *, char *, ...), void *);
#endif /* PPP_WITH_MULTILINK */
-static option_t lcp_option_list[] = {
+static struct option lcp_option_list[] = {
/* LCP options */
{ "-all", o_special_noarg, (void *)noopt,
"Don't request/allow any LCP options" },
lcp_wantoptions[0].neg_endpoint = 1;
return 1;
}
- option_error("Can't parse '%s' as an endpoint discriminator", *argv);
+ ppp_option_error("Can't parse '%s' as an endpoint discriminator", *argv);
return 0;
}
fsm *f = &lcp_fsm[unit];
int oldstate;
- if (phase != PHASE_DEAD && phase != PHASE_MASTER)
+ if (!in_phase(PHASE_DEAD) && !in_phase(PHASE_MASTER))
new_phase(PHASE_TERMINATE);
if (f->flags & DELAYED_UP) {
- untimeout(lcp_delayed_up, f);
+ UNTIMEOUT(lcp_delayed_up, f);
f->state = STOPPED;
}
oldstate = f->state;
if (listen_time != 0) {
f->flags |= DELAYED_UP;
- timeout(lcp_delayed_up, f, 0, listen_time * 1000);
+ ppp_timeout(lcp_delayed_up, f, 0, listen_time * 1000);
} else
fsm_lowerup(f);
}
if (f->flags & DELAYED_UP) {
f->flags &= ~DELAYED_UP;
- untimeout(lcp_delayed_up, f);
+ UNTIMEOUT(lcp_delayed_up, f);
} else
fsm_lowerdown(&lcp_fsm[unit]);
}
if (f->flags & DELAYED_UP) {
f->flags &= ~DELAYED_UP;
- untimeout(lcp_delayed_up, f);
+ UNTIMEOUT(lcp_delayed_up, f);
fsm_lowerup(f);
}
fsm_input(f, p, len);
if (looped_back) {
if (++try.numloops >= lcp_loopbackfail) {
notice("Serial line is looped back.");
- status = EXIT_LOOPBACK;
+ ppp_set_status(EXIT_LOOPBACK);
lcp_close(f->unit, "Loopback detected");
}
} else
#ifdef PPP_WITH_MULTILINK
if (!(multilink && go->neg_mrru && ho->neg_mrru))
#endif /* PPP_WITH_MULTILINK */
- netif_set_mtu(f->unit, MIN(MIN(mtu, mru), ao->mru));
+ ppp_set_mtu(f->unit, MIN(MIN(mtu, mru), ao->mru));
ppp_send_config(f->unit, mtu,
(ho->neg_asyncmap? ho->asyncmap: 0xffffffff),
ho->neg_pcompression, ho->neg_accompression);
if (f->state == OPENED) {
info("No response to %d echo-requests", lcp_echos_pending);
notice("Serial link appears to be disconnected.");
- status = EXIT_PEER_DEAD;
+ ppp_set_status(EXIT_PEER_DEAD);
lcp_close(f->unit, "Peer not responding");
}
}
/* Value used as data for CI_CALLBACK option */
#define CBCP_OPT 6 /* Use callback control protocol */
+/* An endpoint discriminator, used with multilink. */
+#define MAX_ENDP_LEN 20 /* maximum length of discriminator value */
+struct epdisc {
+ unsigned char class;
+ unsigned char length;
+ unsigned char value[MAX_ENDP_LEN];
+};
+
/*
* The state of options is described by an lcp_options structure.
*/
bool neg_endpoint; /* negotiate endpoint discriminator */
int mru; /* Value of MRU */
int mrru; /* Value of MRRU, and multilink enable */
- u_char chap_mdtype; /* which MD types (hashing algorithm) */
- u_int32_t asyncmap; /* Value of async map */
- u_int32_t magicnumber;
+ unsigned char chap_mdtype; /* which MD types (hashing algorithm) */
+ uint32_t asyncmap; /* Value of async map */
+ uint32_t magicnumber;
int numloops; /* Number of loops during magic number neg. */
- u_int32_t lqr_period; /* Reporting period for LQR 1/100ths second */
+ uint32_t lqr_period; /* Reporting period for LQR 1/100ths second */
struct epdisc endpoint; /* endpoint discriminator */
} lcp_options;
void lcp_close(int, char *);
void lcp_lowerup(int);
void lcp_lowerdown(int);
-void lcp_sprotrej(int, u_char *, int); /* send protocol reject */
+void lcp_sprotrej(int, unsigned char *, int); /* send protocol reject */
extern struct protent lcp_protent;
#include <sys/types.h>
#include <sys/time.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "magic.h"
#include <inttypes.h>
#include <net/if.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "magic.h"
#include "fsm.h"
#include "lcp.h"
#include "ipv6cp.h"
#endif
#include "upap.h"
-#include "chap-new.h"
+#include "chap.h"
#include "eap.h"
#include "ccp.h"
#include "ecp.h"
#include "pathnames.h"
-#include "ppp-crypto.h"
+#include "crypto.h"
+#include "multilink.h"
#ifdef PPP_WITH_TDB
#include "tdb.h"
#include "atcp.h"
#endif
-
/* interface vars */
char ifname[IFNAMSIZ]; /* Interface name */
int ifunit; /* Interface unit number */
char hostname[MAXNAMELEN]; /* Our hostname */
static char pidfilename[MAXPATHLEN]; /* name of pid file */
static char linkpidfile[MAXPATHLEN]; /* name of linkname pid file */
-char ppp_devnam[MAXPATHLEN]; /* name of PPP tty (maybe ttypx) */
uid_t uid; /* Our real user-id */
struct notifier *pidchange = NULL;
struct notifier *phasechange = NULL;
int privileged; /* we're running as real uid root */
int need_holdoff; /* need holdoff period before restarting */
int detached; /* have detached from terminal */
-volatile int status; /* exit status for pppd */
+volatile int code; /* exit status for pppd */
int unsuccess; /* # unsuccessful connection attempts */
int do_callback; /* != 0 if we should do callback next */
int doing_callback; /* != 0 if we are doing callback */
int fd_devnull; /* fd for /dev/null */
int devfd = -1; /* fd of underlying device */
int fd_ppp = -1; /* fd for talking PPP */
-int phase; /* where the link is at */
+ppp_phase_t phase; /* where the link is at */
int kill_link;
int asked_to_quit;
int open_ccp_flag;
struct pppd_stats link_stats;
unsigned link_connect_time;
int link_stats_valid;
+int link_stats_print;
int error_count;
extern char *getlogin(void);
int main(int, char *[]);
+const char *ppp_hostname()
+{
+ return hostname;
+}
+
+bool ppp_signaled(int sig)
+{
+ if (sig == SIGTERM)
+ return !!got_sigterm;
+ if (sig == SIGUSR2)
+ return !!got_sigusr2;
+ if (sig == SIGHUP)
+ return !!got_sighup;
+ return false;
+}
+
+ppp_exit_code_t ppp_status()
+{
+ return code;
+}
+
+void ppp_set_status(ppp_exit_code_t value)
+{
+ code = value;
+}
+
+void ppp_set_session_number(int number)
+{
+ ppp_session_number = number;
+}
+
+int ppp_get_session_number()
+{
+ return ppp_session_number;
+}
+
+const char *ppp_ifname()
+{
+ return ifname;
+}
+
+int ppp_get_ifname(char *buf, size_t bufsz)
+{
+ if (buf) {
+ return strlcpy(buf, ifname, bufsz);
+ }
+ return false;
+}
+
+void ppp_set_ifname(const char *name)
+{
+ if (ifname) {
+ strlcpy(ifname, name, sizeof(ifname));
+ }
+}
+
+int ppp_ifunit()
+{
+ return ifunit;
+}
+
+int ppp_get_link_uptime()
+{
+ return link_connect_time;
+}
+
/*
* PPP Data Link Layer "protocol" table.
* One entry per supported protocol.
strlcpy(path_ipv6down, PPP_PATH_IPV6DOWN, MAXPATHLEN);
#endif
link_stats_valid = 0;
+ link_stats_print = 1;
new_phase(PHASE_INITIALIZE);
script_env = NULL;
/* Initialize syslog facilities */
reopen_log();
- if (gethostname(hostname, MAXNAMELEN) < 0 ) {
- option_error("Couldn't get hostname: %m");
+ if (gethostname(hostname, sizeof(hostname)) < 0 ) {
+ ppp_option_error("Couldn't get hostname: %m");
exit(1);
}
hostname[MAXNAMELEN-1] = 0;
uid = getuid();
privileged = uid == 0;
slprintf(numbuf, sizeof(numbuf), "%d", uid);
- script_setenv("ORIG_UID", numbuf, 0);
+ ppp_script_setenv("ORIG_UID", numbuf, 0);
ngroups = getgroups(NGROUPS_MAX, groups);
* Parse, in order, the system options file, the user's options file,
* and the command line arguments.
*/
- if (!options_from_file(PPP_PATH_SYSOPTIONS, !privileged, 0, 1)
+ if (!ppp_options_from_file(PPP_PATH_SYSOPTIONS, !privileged, 0, 1)
|| !options_from_user()
|| !parse_args(argc-1, argv+1))
exit(EXIT_OPTION_ERROR);
* Check that we are running as root.
*/
if (geteuid() != 0) {
- option_error("must be root to run %s, since it is not setuid-root",
+ ppp_option_error("must be root to run %s, since it is not setuid-root",
argv[0]);
exit(EXIT_NOT_ROOT);
}
- if (!ppp_available()) {
- option_error("%s", no_ppp_msg);
+ if (!ppp_check_kernel_support()) {
+ ppp_option_error("%s", no_ppp_msg);
exit(EXIT_NO_KERNEL_SUPPORT);
}
if (!sys_check_options())
exit(EXIT_OPTION_ERROR);
auth_check_options();
-#ifdef PPP_WITH_MULTILINK
mp_check_options();
-#endif
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->check_options != NULL)
(*protp->check_options)();
p = "(unknown)";
}
syslog(LOG_NOTICE, "pppd %s started by %s, uid %d", VERSION, p, uid);
- script_setenv("PPPLOGNAME", p, 0);
+ ppp_script_setenv("PPPLOGNAME", p, 0);
if (devnam[0])
- script_setenv("DEVICE", devnam, 1);
+ ppp_script_setenv("DEVICE", devnam, 1);
slprintf(numbuf, sizeof(numbuf), "%d", getpid());
- script_setenv("PPPD_PID", numbuf, 1);
+ ppp_script_setenv("PPPD_PID", numbuf, 1);
setup_signals();
listen_time = 0;
need_holdoff = 1;
devfd = -1;
- status = EXIT_OK;
+ code = EXIT_OK;
++unsuccess;
doing_callback = do_callback;
do_callback = 0;
info("Starting link");
}
- get_time(&start_time);
- script_unsetenv("CONNECT_TIME");
- script_unsetenv("BYTES_SENT");
- script_unsetenv("BYTES_RCVD");
+ ppp_get_time(&start_time);
+ ppp_script_unsetenv("CONNECT_TIME");
+ ppp_script_unsetenv("BYTES_SENT");
+ ppp_script_unsetenv("BYTES_RCVD");
lcp_open(0); /* Start protocol */
start_link(0);
}
PPP_crypto_deinit();
- die(status);
+ die(code);
return 0;
}
info("Hangup (SIGHUP)");
kill_link = 1;
got_sighup = 0;
- if (status != EXIT_HANGUP)
- status = EXIT_USER_REQUEST;
+ if (code != EXIT_HANGUP)
+ code = EXIT_USER_REQUEST;
}
if (got_sigterm) {
info("Terminating on signal %d", got_sigterm);
kill_link = 1;
asked_to_quit = 1;
persist = 0;
- status = EXIT_USER_REQUEST;
+ code = EXIT_USER_REQUEST;
got_sigterm = 0;
}
if (got_sigchld) {
else
slprintf(ifname, sizeof(ifname), "%s%d", PPP_DRV_NAME, ifunit);
info("Using interface %s", ifname);
- script_setenv("IFNAME", ifname, iskey);
+ ppp_script_setenv("IFNAME", ifname, iskey);
slprintf(ifkey, sizeof(ifkey), "%d", ifunit);
- script_setenv("UNIT", ifkey, iskey);
+ ppp_script_setenv("UNIT", ifkey, iskey);
if (iskey) {
create_pidfile(getpid()); /* write pid to file */
create_linkpidfile(getpid());
if (log_default)
log_to_fd = -1;
slprintf(numbuf, sizeof(numbuf), "%d", getpid());
- script_setenv("PPPD_PID", numbuf, 1);
+ ppp_script_setenv("PPPD_PID", numbuf, 1);
/* wait for parent to finish updating pid & lock files and die */
close(pipefd[1]);
if (linkname[0] == 0)
return;
- script_setenv("LINKNAME", linkname, 1);
+ ppp_script_setenv("LINKNAME", linkname, 1);
slprintf(linkpidfile, sizeof(linkpidfile), "%sppp-%s.pid",
PPP_PATH_VARRUN, linkname);
if ((pidfile = fopen(linkpidfile, "w")) != NULL) {
return;
if (len == 0) {
- if (bundle_eof && multilink_master) {
+ if (bundle_eof && mp_master()) {
notice("Last channel has disconnected");
mp_bundle_terminated();
return;
}
notice("Modem hangup");
hungup = 1;
- status = EXIT_HANGUP;
+ code = EXIT_HANGUP;
lcp_lowerdown(0); /* serial link is no longer available */
link_terminated(0);
return;
* new_phase - signal the start of a new phase of pppd's operation.
*/
void
-new_phase(int p)
+new_phase(ppp_phase_t p)
{
phase = p;
if (new_phase_hook)
notify(phasechange, p);
}
+bool
+in_phase(ppp_phase_t p)
+{
+ return (phase == p);
+}
+
/*
* die - clean up state and exit with the specified status.
*/
void
die(int status)
{
- if (!doing_multilink || multilink_master)
+
+ if (!mp_on() || mp_master())
print_link_stats();
cleanup();
notify(exitnotify, status);
/*
* Print connect time and statistics.
*/
- if (link_stats_valid) {
+ if (link_stats_print && link_stats_valid) {
int t = (link_connect_time + 5) / 6; /* 1/10ths of minutes */
info("Connect time %d.%d minutes.", t/10, t%10);
info("Sent %u bytes, received %u bytes.",
link_stats.bytes_out, link_stats.bytes_in);
- link_stats_valid = 0;
+ link_stats_print = 0;
}
}
{
if (!get_ppp_stats(u, &old_link_stats))
return;
- get_time(&start_time);
+ ppp_get_time(&start_time);
}
/*
char numbuf[32];
if (!get_ppp_stats(u, &link_stats)
- || get_time(&now) < 0)
+ || ppp_get_time(&now) < 0)
return;
link_connect_time = now.tv_sec - start_time.tv_sec;
link_stats_valid = 1;
link_stats.pkts_out -= old_link_stats.pkts_out;
slprintf(numbuf, sizeof(numbuf), "%u", link_connect_time);
- script_setenv("CONNECT_TIME", numbuf, 0);
+ ppp_script_setenv("CONNECT_TIME", numbuf, 0);
snprintf(numbuf, sizeof(numbuf), "%" PRIu64, link_stats.bytes_out);
- script_setenv("BYTES_SENT", numbuf, 0);
+ ppp_script_setenv("BYTES_SENT", numbuf, 0);
snprintf(numbuf, sizeof(numbuf), "%" PRIu64, link_stats.bytes_in);
- script_setenv("BYTES_RCVD", numbuf, 0);
+ ppp_script_setenv("BYTES_RCVD", numbuf, 0);
+}
+
+bool
+ppp_get_link_stats(ppp_link_stats_st *stats)
+{
+ update_link_stats(0);
+ if (stats != NULL &&
+ link_stats_valid) {
+
+ memcpy(stats, &link_stats, sizeof(*stats));
+ return true;
+ }
+ return false;
}
* timeout - Schedule a timeout.
*/
void
-timeout(void (*func)(void *), void *arg, int secs, int usecs)
+ppp_timeout(void (*func)(void *), void *arg, int secs, int usecs)
{
struct callout *newp, *p, **pp;
fatal("Out of memory in timeout()!");
newp->c_arg = arg;
newp->c_func = func;
- get_time(&timenow);
+ ppp_get_time(&timenow);
newp->c_time.tv_sec = timenow.tv_sec + secs;
newp->c_time.tv_usec = timenow.tv_usec + usecs;
if (newp->c_time.tv_usec >= 1000000) {
* untimeout - Unschedule a timeout.
*/
void
-untimeout(void (*func)(void *), void *arg)
+ppp_untimeout(void (*func)(void *), void *arg)
{
struct callout **copp, *freep;
while (callout != NULL) {
p = callout;
- if (get_time(&timenow) < 0)
+ if (ppp_get_time(&timenow) < 0)
fatal("Failed to get time of day: %m");
if (!(p->c_time.tv_sec < timenow.tv_sec
|| (p->c_time.tv_sec == timenow.tv_sec
if (callout == NULL)
return NULL;
- get_time(&timenow);
+ ppp_get_time(&timenow);
tvp->tv_sec = callout->c_time.tv_sec - timenow.tv_sec;
tvp->tv_usec = callout->c_time.tv_usec - timenow.tv_usec;
if (tvp->tv_usec < 0) {
}
/*
- * safe_fork - Create a child process. The child closes all the
+ * ppp_safe_fork - Create a child process. The child closes all the
* file descriptors that we don't want to leak to a script.
* The parent waits for the child to do this before returning.
* This also arranges for the specified fds to be dup'd to
* fds 0, 1, 2 in the child.
*/
pid_t
-safe_fork(int infd, int outfd, int errfd)
+ppp_safe_fork(int infd, int outfd, int errfd)
{
pid_t pid;
int fd, pipefd[2];
}
/* Executing in the child */
- sys_close();
+ ppp_sys_close();
#ifdef PPP_WITH_TDB
if (pppdb != NULL)
tdb_close(pppdb);
errfd = open(PPP_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
++conn_running;
- pid = safe_fork(in, out, errfd);
+ pid = ppp_safe_fork(in, out, errfd);
if (pid != 0 && log_to_fd < 0)
close(errfd);
* and update the script environment. Note that we intentionally do
* not update the TDB. These changes are layered on top right before
* exec. It is not possible to use script_setenv() or
- * script_unsetenv() safely after this routine is run.
+ * ppp_script_unsetenv() safely after this routine is run.
*/
static void
update_script_environment(void)
* reap_kids) iff the return value is > 0.
*/
pid_t
-run_program(char *prog, char **args, int must_exist, void (*done)(void *), void *arg, int wait)
+run_program(char *prog, char * const *args, int must_exist, void (*done)(void *), void *arg, int wait)
{
int pid, status, ret;
struct stat sbuf;
return 0;
}
- pid = safe_fork(fd_devnull, fd_devnull, fd_devnull);
+ pid = ppp_safe_fork(fd_devnull, fd_devnull, fd_devnull);
if (pid == -1) {
error("Failed to create child process for %s: %m", prog);
return -1;
return 0;
}
+
+struct notifier **get_notifier_by_type(ppp_notify_t type)
+{
+ struct notifier **list[NF_MAX_NOTIFY] = {
+ [NF_PID_CHANGE ] = &pidchange,
+ [NF_PHASE_CHANGE] = &phasechange,
+ [NF_EXIT ] = &exitnotify,
+ [NF_SIGNALED ] = &sigreceived,
+ [NF_IP_UP ] = &ip_up_notifier,
+ [NF_IP_DOWN ] = &ip_down_notifier,
+ [NF_IPV6_UP ] = &ipv6_up_notifier,
+ [NF_IPV6_DOWN ] = &ipv6_down_notifier,
+ [NF_AUTH_UP ] = &auth_up_notifier,
+ [NF_LINK_DOWN ] = &link_down_notifier,
+ [NF_FORK ] = &fork_notifier,
+ };
+ return list[type];
+}
+
/*
* add_notifier - add a new function to be called when something happens.
*/
void
-add_notifier(struct notifier **notif, notify_func func, void *arg)
+ppp_add_notify(ppp_notify_t type, ppp_notify_fn *func, void *arg)
{
- struct notifier *np;
-
- np = malloc(sizeof(struct notifier));
- if (np == 0)
- novm("notifier struct");
- np->next = *notif;
- np->func = func;
- np->arg = arg;
- *notif = np;
+ struct notifier **notif = get_notifier_by_type(type);
+ if (notif) {
+
+ struct notifier *np = malloc(sizeof(struct notifier));
+ if (np == 0)
+ novm("notifier struct");
+ np->next = *notif;
+ np->func = func;
+ np->arg = arg;
+ *notif = np;
+ } else {
+ error("Could not find notifier function for: %d", type);
+ }
}
/*
* be called when something happens.
*/
void
-remove_notifier(struct notifier **notif, notify_func func, void *arg)
+ppp_del_notify(ppp_notify_t type, ppp_notify_fn *func, void *arg)
{
- struct notifier *np;
-
- for (; (np = *notif) != 0; notif = &np->next) {
- if (np->func == func && np->arg == arg) {
- *notif = np->next;
- free(np);
- break;
+ struct notifier **notif = get_notifier_by_type(type);
+ if (notif) {
+ struct notifier *np;
+
+ for (; (np = *notif) != 0; notif = &np->next) {
+ if (np->func == func && np->arg == arg) {
+ *notif = np->next;
+ free(np);
+ break;
+ }
}
+ } else {
+ error("Could not find notifier function for: %d", type);
}
}
}
/*
- * script_setenv - set an environment variable value to be used
+ * ppp_script_setenv - set an environment variable value to be used
* for scripts that we run (e.g. ip-up, auth-up, etc.)
*/
void
-script_setenv(char *var, char *value, int iskey)
+ppp_script_setenv(char *var, char *value, int iskey)
{
size_t varl = strlen(var);
size_t vl = varl + strlen(value) + 2;
}
/*
- * script_unsetenv - remove a variable from the environment
+ * ppp_script_unsetenv - remove a variable from the environment
* for scripts.
*/
void
-script_unsetenv(char *var)
+ppp_script_unsetenv(char *var)
{
int vl = strlen(var);
int i;
#include <string.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
#include "ccp.h"
#include "chap_ms.h"
#include "mppe.h"
-#include "ppp-crypto.h"
+#include "crypto.h"
u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
/* Build a CI from mppe opts (see RFC 3078) */
#define MPPE_OPTS_TO_CI(opts, ci) \
do { \
- u_char *ptr = ci; /* u_char[4] */ \
+ unsigned char *ptr = ci; /* unsigned char[4] */ \
\
/* H bit */ \
if (opts & MPPE_OPT_STATEFUL) \
/* The reverse of the above */
#define MPPE_CI_TO_OPTS(ci, opts) \
do { \
- u_char *ptr = ci; /* u_char[4] */ \
+ unsigned char *ptr = ci; /* unsigned char[4] */ \
\
opts = 0; \
\
#if PPP_WITH_MPPE
-/*
- * NOTE:
- * Access to these variables directly is discuraged. Please
- * change your code to use below accessor functions.
- */
-
-/* The key material generated which is used for MPPE send key */
-extern u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
-/* The key material generated which is used for MPPE recv key */
-extern u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
-/* Keys are set if value is non-zero */
-extern int mppe_keys_set;
-
/* These values are the RADIUS attribute values--see RFC 2548. */
#define MPPE_ENC_POL_ENC_ALLOWED 1
#define MPPE_ENC_POL_ENC_REQUIRED 2
* Set the MPPE send and recv keys. NULL values for keys are ignored
* and input values are cleared to avoid leaving them on the stack
*/
-void mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen);
+void mppe_set_keys(unsigned char *send_key, unsigned char *recv_key, int keylen);
/*
* Get the MPPE recv key
*/
-int mppe_get_recv_key(u_char *recv_key, int length);
+int mppe_get_recv_key(unsigned char *recv_key, int length);
/*
* Get the MPPE send key
*/
-int mppe_get_send_key(u_char *send_key, int length);
+int mppe_get_send_key(unsigned char *send_key, int length);
/*
* Clear the MPPE keys
#include <netinet/in.h>
#include <unistd.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
#include "lcp.h"
#include "tdb.h"
+#include "multilink.h"
bool endpoint_specified; /* user gave explicit endpoint discriminator */
char *bundle_id; /* identifier for our bundle */
#define process_exists(n) (kill((n), 0) == 0 || errno != ESRCH)
+multilink_join_hook_fn *multilink_join_hook = NULL;
+
+bool mp_master()
+{
+ return multilink_master;
+}
+
+bool mp_on()
+{
+ return doing_multilink;
+}
+
void
mp_check_options(void)
{
if (demand) {
/* already have a bundle */
cfg_bundle(0, 0, 0, 0);
- netif_set_mtu(0, mtu);
+ ppp_set_mtu(0, mtu);
return 0;
}
make_new_bundle(0, 0, 0, 0);
set_ifunit(1);
- netif_set_mtu(0, mtu);
+ ppp_set_mtu(0, mtu);
return 0;
}
mtu = MIN(ho->mrru, ao->mru);
if (demand) {
cfg_bundle(go->mrru, ho->mrru, go->neg_ssnhf, ho->neg_ssnhf);
- netif_set_mtu(0, mtu);
- script_setenv("BUNDLE", bundle_id + 7, 1);
+ ppp_set_mtu(0, mtu);
+ ppp_script_setenv("BUNDLE", bundle_id + 7, 1);
return 0;
}
/* attach to existing unit */
if (bundle_attach(unit)) {
set_ifunit(0);
- script_setenv("BUNDLE", bundle_id + 7, 0);
+ ppp_script_setenv("BUNDLE", bundle_id + 7, 0);
make_bundle_links(1);
unlock_db();
info("Link attached to %s", ifname);
/* we have to make a new bundle */
make_new_bundle(go->mrru, ho->mrru, go->neg_ssnhf, ho->neg_ssnhf);
set_ifunit(1);
- netif_set_mtu(0, mtu);
- script_setenv("BUNDLE", bundle_id + 7, 1);
+ ppp_set_mtu(0, mtu);
+ ppp_script_setenv("BUNDLE", bundle_id + 7, 1);
make_bundle_links(0);
unlock_db();
info("New bundle %s created", ifname);
print_link_stats();
if (!demand) {
remove_pidfiles();
- script_unsetenv("IFNAME");
+ ppp_script_unsetenv("IFNAME");
}
lock_db();
hp = gethostbyname(hostname);
if (hp != NULL) {
addr = *(u_int32_t *)hp->h_addr;
- if (!bad_ip_adrs(addr)) {
+ if (!ppp_bad_ip_addr(addr)) {
addr = ntohl(addr);
if (!LOCAL_IP_ADDR(addr)) {
ep->class = EPD_IP;
--- /dev/null
+/*
+ * multilink.h - support routines for multilink.
+ *
+ * Copyright (c) 2000-2002 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 3. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@samba.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PPP_MULTILINK_H
+#define PPP_MULTILINK_H
+
+#include "pppdconf.h"
+
+/*
+ * values for epdisc.class
+ */
+#define EPD_NULL 0 /* null discriminator, no data */
+#define EPD_LOCAL 1
+#define EPD_IP 2
+#define EPD_MAC 3
+#define EPD_MAGIC 4
+#define EPD_PHONENUM 5
+
+struct epdisc;
+
+#ifdef PPP_WITH_MULTILINK
+
+/*
+ * Check multilink-related options
+ */
+void mp_check_options(void);
+
+/*
+ * Join our link to an appropriate bundle
+ */
+int mp_join_bundle(void);
+
+/*
+ * Disconnected our link from the bundle
+ */
+void mp_exit_bundle(void);
+
+/*
+ * Multipoint bundle terminated
+ */
+void mp_bundle_terminated(void);
+
+/*
+ * Acting as a multilink master
+ */
+bool mp_master();
+
+/*
+ * Was multilink negotiated
+ */
+bool mp_on();
+
+/*
+ * Convert an endpoint discriminator to a string
+ */
+char *epdisc_to_str(struct epdisc *);
+
+/*
+ * Convert a string to an endpoint discriminator
+ */
+int str_to_epdisc(struct epdisc *, char *);
+
+/*
+ * Hook for plugin to hear when an interface joins a multilink bundle
+ */
+typedef void (multilink_join_hook_fn)(void);
+extern multilink_join_hook_fn *multilink_join_hook;
+
+#else
+
+#define mp_check_options(x) ((void)0)
+#define mp_join_bundle(x) ((void)0)
+#define mp_exit_bundle(x) ((void)0)
+#define mp_bundle_terminated(x) ((void)0)
+
+static inline bool mp_on() {
+ return false;
+}
+
+static inline bool mp_master() {
+ return false;
+}
+
+#endif // PPP_WITH_MULTILINK
+#endif // PPP_MULTILINK_H
#endif
#endif /* PPP_WITH_FILTER */
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
+#include "upap.h"
#include "pathnames.h"
#if defined(ultrix) || defined(NeXT)
int debug = 0; /* Debug flag */
int kdebugflag = 0; /* Tell kernel to print debug messages */
int default_device = 1; /* Using /dev/tty or equivalent */
-char devnam[MAXPATHLEN]; /* Device name */
bool nodetach = 0; /* Don't detach from controlling tty */
bool updetach = 0; /* Detach once link is up */
bool master_detach; /* Detach when we're (only) multilink master */
bool persist = 0; /* Reopen link after it goes down */
char our_name[MAXNAMELEN]; /* Our name for authentication purposes */
bool demand = 0; /* do dial-on-demand */
-char *ipparam = NULL; /* Extra parameter for ip up/down scripts */
int idle_time_limit = 0; /* Disconnect if idle for this many seconds */
int holdoff = 30; /* # seconds to pause before reconnecting */
bool holdoff_specified; /* true if a holdoff value has been given */
#endif
unsigned int maxoctets = 0; /* default - no limit */
-int maxoctets_dir = 0; /* default - sum of traffic */
+session_limit_dir_t maxoctets_dir = PPP_OCTETS_DIRECTION_SUM; /* default - sum of traffic */
int maxoctets_timeout = 1; /* default 1 second */
-extern option_t auth_options[];
+extern struct option auth_options[];
extern struct stat devstat;
#ifdef PPP_WITH_FILTER
struct bpf_program active_filter; /* Filter program for link-active pkts */
#endif
-static option_t *curopt; /* pointer to option being processed */
+static struct option *curopt; /* pointer to option being processed */
char *current_option; /* the name of the option being parsed */
int privileged_option; /* set iff the current option came from root */
char *option_source; /* string saying where the option came from */
static int setmodir(char **);
static int user_setenv(char **);
-static void user_setprint(option_t *, printer_func, void *);
+static void user_setprint(struct option *, printer_func, void *);
static int user_unsetenv(char **);
-static void user_unsetprint(option_t *, printer_func, void *);
+static void user_unsetprint(struct option *, printer_func, void *);
-static option_t *find_option(char *name);
-static int process_option(option_t *, char *, char **);
-static int n_arguments(option_t *);
+static struct option *find_option(char *name);
+static int process_option(struct option *, char *, char **);
+static int n_arguments(struct option *);
static int number_option(char *, u_int32_t *, int);
/*
* Structure to store extra lists of options.
*/
struct option_list {
- option_t *options;
+ struct option *options;
struct option_list *next;
};
/*
* Valid arguments.
*/
-option_t general_options[] = {
+struct option general_options[] = {
{ "debug", o_int, &debug,
"Increase debugging level", OPT_INC | OPT_NOARG | 1 },
{ "-d", o_int, &debug,
#define IMPLEMENTATION ""
#endif
+int
+ppp_get_max_idle_time()
+{
+ return idle_time_limit;
+}
+
+void
+ppp_set_max_idle_time(unsigned int max)
+{
+ idle_time_limit = max;
+}
+
+int
+ppp_get_max_connect_time()
+{
+ return maxconnect;
+}
+
+void
+ppp_set_max_connect_time(unsigned int max)
+{
+ maxconnect = max;
+}
+
+void
+ppp_set_session_limit(unsigned int octets)
+{
+ maxoctets = octets;
+}
+
+void
+ppp_set_session_limit_dir(unsigned int dir)
+{
+ if (dir > 4)
+ dir = PPP_OCTETS_DIRECTION_SUM;
+ maxoctets_dir = (session_limit_dir_t) dir;
+}
+
+bool
+debug_on()
+{
+ return !!debug;
+}
+
+int
+ppp_get_path(ppp_path_t type, char *buf, size_t bufsz)
+{
+ const char *path;
+
+ if (buf && bufsz > 0) {
+ switch (type) {
+ case PPP_DIR_LOG:
+ path = PPP_PATH_VARLOG;
+ break;
+ case PPP_DIR_RUNTIME:
+ path = PPP_PATH_VARRUN;
+ break;
+ case PPP_DIR_PLUGIN:
+ path = PPP_PATH_PLUGIN;
+ break;
+ case PPP_DIR_CONF:
+ path = PPP_PATH_CONFDIR;
+ break;
+ }
+ return strlcpy(buf, path, bufsz);
+ }
+ return -1;
+}
+
+int
+ppp_get_filepath(ppp_path_t type, const char *name, char *buf, size_t bufsz)
+{
+ const char *path;
+
+ if (buf && bufsz > 0) {
+ switch (type) {
+ case PPP_DIR_LOG:
+ path = PPP_PATH_VARLOG;
+ break;
+ case PPP_DIR_RUNTIME:
+ path = PPP_PATH_VARRUN;
+ break;
+ case PPP_DIR_PLUGIN:
+ path = PPP_PATH_PLUGIN;
+ break;
+ case PPP_DIR_CONF:
+ path = PPP_PATH_CONFDIR;
+ break;
+ }
+ return slprintf(buf, bufsz, "%s/%s", path, name);
+ }
+ return -1;
+}
+
+bool ppp_persist()
+{
+ return !!persist;
+}
/*
* parse_args - parse a string of arguments from the command line.
parse_args(int argc, char **argv)
{
char *arg;
- option_t *opt;
+ struct option *opt;
int n;
privileged_option = privileged;
--argc;
opt = find_option(arg);
if (opt == NULL) {
- option_error("unrecognized option '%s'", arg);
+ ppp_option_error("unrecognized option '%s'", arg);
usage();
return 0;
}
n = n_arguments(opt);
if (argc < n) {
- option_error("too few parameters for option %s", arg);
+ ppp_option_error("too few parameters for option %s", arg);
return 0;
}
if (!process_option(opt, arg, argv))
* and interpret them.
*/
int
-options_from_file(char *filename, int must_exist, int check_prot, int priv)
+ppp_options_from_file(char *filename, int must_exist, int check_prot, int priv)
{
FILE *f;
int i, newline, ret, err;
- option_t *opt;
+ struct option *opt;
int oldpriv, n;
char *oldsource;
uid_t euid;
euid = geteuid();
if (check_prot && seteuid(getuid()) == -1) {
- option_error("unable to drop privileges to open %s: %m", filename);
+ ppp_option_error("unable to drop privileges to open %s: %m", filename);
return 0;
}
f = fopen(filename, "r");
warn("Warning: can't open options file %s: %m", filename);
return 1;
}
- option_error("Can't open options file %s: %m", filename);
+ ppp_option_error("Can't open options file %s: %m", filename);
return 0;
}
while (getword(f, cmd, &newline, filename)) {
opt = find_option(cmd);
if (opt == NULL) {
- option_error("In file %s: unrecognized option '%s'",
+ ppp_option_error("In file %s: unrecognized option '%s'",
filename, cmd);
goto err;
}
n = n_arguments(opt);
for (i = 0; i < n; ++i) {
if (!getword(f, args[i], &newline, filename)) {
- option_error(
+ ppp_option_error(
"In file %s: too few parameters for option '%s'",
filename, cmd);
goto err;
novm("init file name");
slprintf(path, pl, "%s/%s", user, file);
option_priority = OPRIO_CFGFILE;
- ret = options_from_file(path, 0, 1, privileged);
+ ret = ppp_options_from_file(path, 0, 1, privileged);
free(path);
return ret;
}
if (*p == '/')
*p = '.';
option_priority = OPRIO_CFGFILE;
- ret = options_from_file(path, 0, 0, 1);
+ ret = ppp_options_from_file(path, 0, 0, 1);
free(path);
return ret;
}
options_from_list(struct wordlist *w, int priv)
{
char *argv[MAXARGS];
- option_t *opt;
+ struct option *opt;
int i, n, ret = 0;
struct wordlist *w0;
while (w != NULL) {
opt = find_option(w->word);
if (opt == NULL) {
- option_error("In secrets file: unrecognized option '%s'",
+ ppp_option_error("In secrets file: unrecognized option '%s'",
w->word);
goto err;
}
for (i = 0; i < n; ++i) {
w = w->next;
if (w == NULL) {
- option_error(
+ ppp_option_error(
"In secrets file: too few parameters for option '%s'",
w0->word);
goto err;
}
/*
- * match_option - see if this option matches an option_t structure.
+ * match_option - see if this option matches an option structure.
*/
static int
-match_option(char *name, option_t *opt, int dowild)
+match_option(char *name, struct option *opt, int dowild)
{
int (*match)(char *, char **, int);
* looking for an entry with the given name.
* This could be optimized by using a hash table.
*/
-static option_t *
+static struct option *
find_option(char *name)
{
- option_t *opt;
+ struct option *opt;
struct option_list *list;
int i, dowild;
* process_option - process one new-style option.
*/
static int
-process_option(option_t *opt, char *cmd, char **argv)
+process_option(struct option *opt, char *cmd, char **argv)
{
u_int32_t v;
int iv, a;
int (*wildp)(char *, char **, int);
char *optopt = (opt->type == o_wild)? "": " option";
int prio = option_priority;
- option_t *mainopt = opt;
+ struct option *mainopt = opt;
current_option = opt->name;
if ((opt->flags & OPT_PRIVFIX) && privileged_option)
if (prio < mainopt->priority) {
/* new value doesn't override old */
if (prio == OPRIO_CMDLINE && mainopt->priority > OPRIO_ROOT) {
- option_error("%s%s set in %s cannot be overridden\n",
+ ppp_option_error("%s%s set in %s cannot be overridden\n",
opt->name, optopt, mainopt->source);
return 0;
}
opt->name, optopt, option_source);
}
- if ((opt->flags & OPT_INITONLY) && phase != PHASE_INITIALIZE) {
- option_error("%s%s cannot be changed after initialization",
+ if ((opt->flags & OPT_INITONLY) && !in_phase(PHASE_INITIALIZE)) {
+ ppp_option_error("%s%s cannot be changed after initialization",
opt->name, optopt);
return 0;
}
if ((opt->flags & OPT_PRIV) && !privileged_option) {
- option_error("using the %s%s requires root privilege",
+ ppp_option_error("using the %s%s requires root privilege",
opt->name, optopt);
return 0;
}
if ((opt->flags & OPT_ENABLE) && *(bool *)(opt->addr2) == 0) {
- option_error("%s%s is disabled", opt->name, optopt);
+ ppp_option_error("%s%s is disabled", opt->name, optopt);
return 0;
}
if ((opt->flags & OPT_DEVEQUIV) && devnam_fixed) {
- option_error("the %s%s may not be changed in %s",
+ ppp_option_error("the %s%s may not be changed in %s",
opt->name, optopt, option_source);
return 0;
}
case o_int:
iv = 0;
if ((opt->flags & OPT_NOARG) == 0) {
- if (!int_option(*argv, &iv))
+ if (!ppp_int_option(*argv, &iv))
return 0;
if ((((opt->flags & OPT_LLIMIT) && iv < opt->lower_limit)
|| ((opt->flags & OPT_ULIMIT) && iv > opt->upper_limit))
char *zok = (opt->flags & OPT_ZEROOK)? " zero or": "";
switch (opt->flags & OPT_LIMITS) {
case OPT_LLIMIT:
- option_error("%s value must be%s >= %d",
+ ppp_option_error("%s value must be%s >= %d",
opt->name, zok, opt->lower_limit);
break;
case OPT_ULIMIT:
- option_error("%s value must be%s <= %d",
+ ppp_option_error("%s value must be%s <= %d",
opt->name, zok, opt->upper_limit);
break;
case OPT_LIMITS:
- option_error("%s value must be%s between %d and %d",
+ ppp_option_error("%s value must be%s between %d and %d",
opt->name, zok, opt->lower_limit, opt->upper_limit);
break;
}
int oldv = *(int *)(opt->addr);
if ((opt->flags & OPT_ZEROINF) ?
(oldv != 0 && (iv == 0 || iv > oldv)) : (iv > oldv)) {
- option_error("%s value cannot be increased", opt->name);
+ ppp_option_error("%s value cannot be increased", opt->name);
return 0;
}
}
int
override_value(char *option, int priority, const char *source)
{
- option_t *opt;
+ struct option *opt;
opt = find_option(option);
if (opt == NULL)
* n_arguments - tell how many arguments an option takes
*/
static int
-n_arguments(option_t *opt)
+n_arguments(struct option *opt)
{
return (opt->type == o_bool || opt->type == o_special_noarg
|| (opt->flags & OPT_NOARG))? 0: 1;
* add_options - add a list of options to the set we grok.
*/
void
-add_options(option_t *opt)
+ppp_add_options(struct option *opt)
{
struct option_list *list;
* print_option - print out an option and its value
*/
static void
-print_option(option_t *opt, option_t *mainopt, printer_func printer, void *arg)
+print_option(struct option *opt, struct option *mainopt, printer_func printer, void *arg)
{
int i, v;
char *p;
printer(arg, " ");
}
if (opt->flags & OPT_A2PRINTER) {
- void (*oprt)(option_t *, printer_func, void *);
- oprt = (void (*)(option_t *, printer_func, void *))
+ void (*oprt)(struct option *, printer_func, void *);
+ oprt = (void (*)(struct option *, printer_func, void *))
opt->addr2;
(*oprt)(opt, printer, arg);
} else if (opt->flags & OPT_A2STRVAL) {
* array of options.
*/
static void
-print_option_list(option_t *opt, printer_func printer, void *arg)
+print_option_list(struct option *opt, printer_func printer, void *arg)
{
while (opt->name != NULL) {
if (opt->priority != OPRIO_DEFAULT
usage(void)
{
FILE *fp = stderr;
- if (phase == PHASE_INITIALIZE) {
+ if (in_phase(PHASE_INITIALIZE)) {
fprintf(fp, "%s v%s\n", PACKAGE_NAME, PACKAGE_VERSION);
fprintf(fp, "Copyright (C) 1999-2022 Paul Mackerras, and others. All rights reserved.\n\n");
static int
showhelp(char **argv)
{
- if (phase == PHASE_INITIALIZE) {
+ if (in_phase(PHASE_INITIALIZE)) {
usage();
exit(0);
}
static int
showversion(char **argv)
{
- if (phase == PHASE_INITIALIZE) {
+ if (in_phase(PHASE_INITIALIZE)) {
fprintf(stdout, "pppd version %s\n", VERSION);
exit(0);
}
* Print a set of options including the name of the group of options
*/
static void
-showopts_list(FILE *fp, const char *title, option_t *list, ...)
+showopts_list(FILE *fp, const char *title, struct option *list, ...)
{
- option_t *opt = list;
+ struct option *opt = list;
va_list varg;
if (opt && opt->name) {
}
/*
- * option_error - print a message about an error in an option.
+ * ppp_option_error - print a message about an error in an option.
* The message is logged, and also sent to
- * stderr if phase == PHASE_INITIALIZE.
+ * stderr if in_phase(PHASE_INITIALIZE).
*/
void
-option_error(char *fmt, ...)
+ppp_option_error(char *fmt, ...)
{
va_list args;
char buf[1024];
va_start(args, fmt);
vslprintf(buf, sizeof(buf), fmt, args);
va_end(args);
- if (phase == PHASE_INITIALIZE)
+ if (in_phase(PHASE_INITIALIZE))
fprintf(stderr, "%s: %s\n", progname, buf);
syslog(LOG_ERR, "%s", buf);
}
if (ferror(f)) {
if (errno == 0)
errno = EIO;
- option_error("Error reading %s: %m", filename);
+ ppp_option_error("Error reading %s: %m", filename);
die(1);
}
/*
if (len == 0)
return 0;
if (quoted)
- option_error("warning: quoted word runs to end of file (%.20s...)",
+ ppp_option_error("warning: quoted word runs to end of file (%.20s...)",
filename, word);
}
* Warn if the word was too long, and append a terminating null.
*/
if (len >= MAXWORDLEN) {
- option_error("warning: word in file %s too long (%.20s...)",
+ ppp_option_error("warning: word in file %s too long (%.20s...)",
filename, word);
len = MAXWORDLEN - 1;
}
*valp = strtoul(str, &ptr, base);
if (ptr == str) {
- option_error("invalid numeric parameter '%s' for %s option",
+ ppp_option_error("invalid numeric parameter '%s' for %s option",
str, current_option);
return 0;
}
* if there is an error.
*/
int
-int_option(char *str, int *valp)
+ppp_int_option(char *str, int *valp)
{
u_int32_t v;
static int
readfile(char **argv)
{
- return options_from_file(*argv, 1, 1, privileged_option);
+ return ppp_options_from_file(*argv, 1, 1, privileged_option);
}
/*
}
}
if (!ok) {
- option_error("call option value may not contain .. or start with /");
+ ppp_option_error("call option value may not contain .. or start with /");
return 0;
}
if ((fname = (char *) malloc(l)) == NULL)
novm("call file name");
slprintf(fname, l, "%s%s", PPP_PATH_PEERFILES, arg);
- script_setenv("CALL_FILE", arg, 0);
+ ppp_script_setenv("CALL_FILE", arg, 0);
- ok = options_from_file(fname, 1, 1, 1);
+ ok = ppp_options_from_file(fname, 1, 1, 1);
free(fname);
return ok;
pc = pcap_open_dead(DLT_PPP_PPPD, 65535);
if (pcap_compile(pc, &pass_filter, *argv, 1, netmask) == -1) {
- option_error("error in pass-filter expression: %s\n",
+ ppp_option_error("error in pass-filter expression: %s\n",
pcap_geterr(pc));
ret = 0;
}
pc = pcap_open_dead(DLT_PPP_PPPD, 65535);
if (pcap_compile(pc, &active_filter, *argv, 1, netmask) == -1) {
- option_error("error in active-filter expression: %s\n",
+ ppp_option_error("error in active-filter expression: %s\n",
pcap_geterr(pc));
ret = 0;
}
euid = geteuid();
if (!privileged_option && seteuid(getuid()) == -1) {
- option_error("unable to drop permissions to open %s: %m", *argv);
+ ppp_option_error("unable to drop permissions to open %s: %m", *argv);
return 0;
}
fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
fatal("unable to regain privileges: %m");
if (fd < 0) {
errno = err;
- option_error("Can't open log file %s: %m", *argv);
+ ppp_option_error("Can't open log file %s: %m", *argv);
return 0;
}
strlcpy(logfile_name, *argv, sizeof(logfile_name));
if (handle == 0) {
err = dlerror();
if (err != 0)
- option_error("%s", err);
- option_error("Couldn't load plugin %s", arg);
+ ppp_option_error("%s", err);
+ ppp_option_error("Couldn't load plugin %s", arg);
goto err;
}
init = (void (*)(void))dlsym(handle, "plugin_init");
if (init == 0) {
- option_error("%s has no initialization entry point", arg);
+ ppp_option_error("%s has no initialization entry point", arg);
goto errclose;
}
vers = (const char *) dlsym(handle, "pppd_version");
if (vers == 0) {
warn("Warning: plugin %s has no version information", arg);
} else if (strcmp(vers, VERSION) != 0) {
- option_error("Plugin %s is for pppd version %s, this is %s",
+ ppp_option_error("Plugin %s is for pppd version %s, this is %s",
arg, vers, VERSION);
goto errclose;
}
struct userenv *uep, **insp;
if ((eqp = strchr(arg, '=')) == NULL) {
- option_error("missing = in name=value: %s", arg);
+ ppp_option_error("missing = in name=value: %s", arg);
return 0;
}
if (eqp == arg) {
- option_error("missing variable name: %s", arg);
+ ppp_option_error("missing variable name: %s", arg);
return 0;
}
for (uep = userenv_list; uep != NULL; uep = uep->ue_next) {
}
static void
-user_setprint(option_t *opt, printer_func printer, void *arg)
+user_setprint(struct option *opt, printer_func printer, void *arg)
{
struct userenv *uep, *uepnext;
char *arg = argv[0];
if (strchr(arg, '=') != NULL) {
- option_error("unexpected = in name: %s", arg);
+ ppp_option_error("unexpected = in name: %s", arg);
return 0;
}
if (*arg == '\0') {
- option_error("missing variable name for unset");
+ ppp_option_error("missing variable name for unset");
return 0;
}
for (uep = userenv_list; uep != NULL; uep = uep->ue_next) {
}
static void
-user_unsetprint(option_t *opt, printer_func printer, void *arg)
+user_unsetprint(struct option *opt, printer_func printer, void *arg)
{
struct userenv *uep, *uepnext;
--- /dev/null
+/*
+ * options.h - header declarations for option processing for PPP.
+ *
+ * Copyright (c) 2000-2002 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 3. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@samba.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PPP_OPTIONS_H
+#define PPP_OPTIONS_H
+
+enum opt_type {
+ o_special_noarg,
+ o_special,
+ o_bool,
+ o_int,
+ o_uint32,
+ o_string,
+ o_wild
+};
+
+struct option {
+ char *name; /* name of the option */
+ enum opt_type type;
+ void *addr;
+ char *description;
+ unsigned int flags;
+ void *addr2;
+ int upper_limit;
+ int lower_limit;
+ const char *source;
+ short int priority;
+ short int winner;
+};
+
+typedef struct option option_t;
+
+/* Values for flags */
+#define OPT_VALUE 0xff /* mask for presupplied value */
+#define OPT_HEX 0x100 /* int option is in hex */
+#define OPT_NOARG 0x200 /* option doesn't take argument */
+#define OPT_OR 0x400 /* for u32, OR in argument to value */
+#define OPT_INC 0x400 /* for o_int, increment value */
+#define OPT_A2OR 0x800 /* for o_bool, OR arg to *(u_char *)addr2 */
+#define OPT_PRIV 0x1000 /* privileged option */
+#define OPT_STATIC 0x2000 /* string option goes into static array */
+#define OPT_NOINCR 0x2000 /* for o_int, value mustn't be increased */
+#define OPT_LLIMIT 0x4000 /* check value against lower limit */
+#define OPT_ULIMIT 0x8000 /* check value against upper limit */
+#define OPT_LIMITS (OPT_LLIMIT|OPT_ULIMIT)
+#define OPT_ZEROOK 0x10000 /* 0 value is OK even if not within limits */
+#define OPT_HIDE 0x10000 /* for o_string, print value as ?????? */
+#define OPT_A2LIST 0x20000 /* for o_special, keep list of values */
+#define OPT_A2CLRB 0x20000 /* o_bool, clr val bits in *(u_char *)addr2 */
+#define OPT_ZEROINF 0x40000 /* with OPT_NOINCR, 0 == infinity */
+#define OPT_PRIO 0x80000 /* process option priorities for this option */
+#define OPT_PRIOSUB 0x100000 /* subsidiary member of priority group */
+#define OPT_ALIAS 0x200000 /* option is alias for previous option */
+#define OPT_A2COPY 0x400000 /* addr2 -> second location to rcv value */
+#define OPT_ENABLE 0x800000 /* use *addr2 as enable for option */
+#define OPT_A2CLR 0x1000000 /* clear *(bool *)addr2 */
+#define OPT_PRIVFIX 0x2000000 /* user can't override if set by root */
+#define OPT_INITONLY 0x4000000 /* option can only be set in init phase */
+#define OPT_DEVEQUIV 0x8000000 /* equiv to device name */
+#define OPT_DEVNAM (OPT_INITONLY | OPT_DEVEQUIV)
+#define OPT_A2PRINTER 0x10000000 /* *addr2 printer_func to print option */
+#define OPT_A2STRVAL 0x20000000 /* *addr2 points to current string value */
+#define OPT_NOPRINT 0x40000000 /* don't print this option at all */
+
+#define OPT_VAL(x) ((x) & OPT_VALUE)
+
+/* Values for priority */
+#define OPRIO_DEFAULT 0 /* a default value */
+#define OPRIO_CFGFILE 1 /* value from a configuration file */
+#define OPRIO_CMDLINE 2 /* value from the command line */
+#define OPRIO_SECFILE 3 /* value from options in a secrets file */
+#define OPRIO_ROOT 100 /* added to priority if OPT_PRIVFIX && root */
+
+/* Add additional supported options by e.g. plug-in */
+void ppp_add_options(struct option *options);
+
+/* Parse options from an options file */
+int ppp_options_from_file(char *filename, int must_exist, int check_prot,
+ int privileged);
+
+/* Simplified number_option for decimal ints */
+int ppp_int_option(char *name, int *value);
+
+/* Print an error message about an option */
+void ppp_option_error(char *fmt, ...);
+
+#endif
* https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-peap
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/rand.h>
#include <openssl/err.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "eap.h"
#include "tls.h"
-#include "chap-new.h"
+#include "chap.h"
#include "chap_ms.h"
#include "mppe.h"
#include "peap.h"
}
case CHAP_FAILURE: {
+ u_char status = CHAP_FAILURE;
psm->chap->handle_failure(in_buf, in_len);
PUTCHAR(EAPT_MSCHAPV2, outp);
PUTCHAR(status, outp);
#include <stddef.h>
#include <time.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <stdarg.h>
+#include <sys/types.h>
+
#include <pppd/pppd.h>
+#include <pppd/options.h>
+
+#if !defined(SOL2)
+#include <linux/ppp_defs.h>
+#else
+#include <net/ppp_defs.h>
+#endif
char pppd_version[] = PPPD_VERSION;
static int minconnect = 0;
-static option_t my_options[] = {
+static struct option my_options[] = {
{ "minconnect", o_int, &minconnect,
"Set minimum connect time before idle timeout applies" },
{ NULL }
time_t t;
if (idle == NULL)
- return minconnect? minconnect: idle_time_limit;
+ return minconnect ? minconnect: ppp_get_max_idle_time();
t = idle->xmit_idle;
if (idle->recv_idle < t)
t = idle->recv_idle;
- return idle_time_limit - t;
+ return ppp_get_max_idle_time() - t;
}
void plugin_init(void)
{
info("plugin_init");
- add_options(my_options);
+ ppp_add_options(my_options);
idle_time_hook = my_get_idle;
}
#include <sys/wait.h>
#include <sys/param.h>
#include <limits.h>
+#include <stdio.h>
#include <syslog.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <string.h>
+
#include <pppd/pppd.h>
+#include <pppd/upap.h>
+#include <pppd/eap.h>
+#include <pppd/options.h>
char pppd_version[] = PPPD_VERSION;
static char promptprog[PATH_MAX+1];
static int promptprog_refused = 0;
-static option_t options[] = {
+static struct option options[] = {
{ "promptprog", o_string, promptprog,
"External PAP password prompting program",
OPT_STATIC, NULL, PATH_MAX },
if (!kid) {
/* we are the child, exec the program */
char *argv[5], fdstr[32];
- sys_close();
+ ppp_sys_close();
closelog();
close(p[0]);
ret = seteuid(getuid());
if (ret != 0) {
warn("Couldn't set effective user id");
}
- argv[0] = promptprog;
- argv[1] = user;
- argv[2] = remote_name;
sprintf(fdstr, "%d", p[1]);
+ argv[0] = promptprog;
+ argv[1] = strdup(user);
+ argv[2] = strdup(ppp_remote_name());
argv[3] = fdstr;
argv[4] = 0;
execv(*argv, argv);
if (red == 0)
break;
if (red < 0) {
- if (errno == EINTR && !got_sigterm)
+ if (errno == EINTR && !ppp_signaled(SIGTERM))
continue;
error("Can't read secret from %s: %m", promptprog);
readgood = -1;
/* now wait for child to exit */
while (waitpid(kid, &wstat, 0) < 0) {
- if (errno != EINTR || got_sigterm) {
+ if (errno != EINTR || ppp_signaled(SIGTERM)) {
warn("error waiting for %s: %m", promptprog);
break;
}
void plugin_init(void)
{
- add_options(options);
+ ppp_add_options(options);
pap_passwd_hook = promptpass;
#ifdef PPP_WITH_EAPTLS
eaptls_passwd_hook = promptpass;
#include <errno.h>
#include <string.h>
#include <unistd.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <sys/time.h>
#include <pppd/pppd.h>
+#include <pppd/upap.h>
+#include <pppd/chap.h>
+#include <pppd/eap.h>
+#include <pppd/options.h>
char pppd_version[] = PPPD_VERSION;
static int passwdfd = -1;
static char save_passwd[MAXSECRETLEN];
-static option_t options[] = {
+static struct option options[] = {
{ "passwordfd", o_int, &passwdfd,
"Receive password on this file descriptor" },
{ NULL }
void plugin_init (void)
{
- add_options (options);
+ ppp_add_options (options);
pap_check_hook = pwfd_check;
pap_passwd_hook = pwfd_passwd;
#include <net/if.h>
#include <sys/ioctl.h>
#include <sys/param.h>
+#include <stdbool.h>
+#include <stdarg.h>
#include <pppd/pppd.h>
-#include <pppd/pathnames.h>
+#include <pppd/options.h>
#include <pppd/fsm.h> /* Needed for lcp.h to include cleanly */
#include <pppd/lcp.h>
static int setdevname_pppoatm(const char *cp, const char **argv, int doit);
struct channel pppoa_channel;
static int pppoa_fd = -1;
+static char devnam[MAXNAMELEN];
-static option_t pppoa_options[] = {
+static struct option pppoa_options[] = {
{ "device name", o_wild, (void *) &setdevname_pppoatm,
"ATM service provider IDs: VPI.VCI",
OPT_DEVNAM | OPT_PRIVFIX | OPT_NOARG | OPT_A2STRVAL | OPT_STATIC,
memcpy(&pvcaddr, &addr, sizeof pvcaddr);
strlcpy(devnam, cp, MAXPATHLEN);
+ ppp_set_devnam(devnam);
devstat.st_mode = S_IFSOCK;
if (the_channel != &pppoa_channel) {
the_channel = &pppoa_channel;
pppoatm_max_mtu = lcp_allowoptions[0].mru;
pppoatm_max_mru = lcp_wantoptions[0].mru;
set_line_discipline_pppoatm(fd);
- strlcpy(ppp_devnam, devnam, MAXPATHLEN);
+ ppp_set_pppdevnam(devnam);
pppoa_fd = fd;
return fd;
}
{
#ifdef linux
extern int new_style_driver; /* From sys-linux.c */
- if (!ppp_available() && !new_style_driver)
+ if (!ppp_check_kernel_support() && !new_style_driver)
fatal("Kernel doesn't support ppp_generic - "
"needed for PPPoATM");
#else
fatal("No PPPoATM support on this OS");
#endif
- add_options(pppoa_options);
+ ppp_add_options(pppoa_options);
}
struct channel pppoa_channel = {
.check_options = NULL,
.connect = &connect_pppoatm,
.disconnect = &disconnect_pppoatm,
- .establish_ppp = &generic_establish_ppp,
- .disestablish_ppp = &generic_disestablish_ppp,
+ .establish_ppp = &ppp_generic_establish,
+ .disestablish_ppp = &ppp_generic_disestablish,
.send_config = NULL,
.recv_config = NULL,
.close = NULL,
noinst_HEADERS = \
pppoe.h
-pppoe_la_CPPFLAGS = -I${top_srcdir} -DSYSCONFDIR=\"${sysconfdir}\"
+pppoe_la_CPPFLAGS = -I${top_srcdir} -DSYSCONFDIR=\"${sysconfdir}\" -DPLUGIN
pppoe_la_LDFLAGS = -module -avoid-version
pppoe_la_SOURCES = plugin.c discovery.c if.c common.c
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
+/* Define to 1 if you have the <stdarg.h> header file. */
+#undef HAVE_STDARG_H
+
+/* Define to 1 if you have the <stdbool.h> header file. */
+#undef HAVE_STDBOOL_H
+
+/* Define to 1 if you have the <stddef.h> header file. */
+#undef HAVE_STDDEF_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
/* The size of `unsigned int', as computed by sizeof. */
#undef SIZEOF_UNSIGNED_INT
#include <signal.h>
+#ifdef PLUGIN
+#define signaled(x) ppp_signaled(x)
+#define get_time(x) ppp_get_time(x)
+#else
+int signaled(int signal);
+int get_time(struct timeval *tv);
+
+#endif
+
/* Calculate time remaining until *exp, return 0 if now >= *exp */
static int time_left(struct timeval *diff, struct timeval *exp)
{
while(1) {
r = select(conn->discoverySocket+1, &readable, NULL, NULL, &tv);
- if (r >= 0 || errno != EINTR || got_sigterm) break;
+ if (r >= 0 || errno != EINTR || signaled(SIGTERM)) break;
}
if (r < 0) {
error("select (waitForPADO): %m");
while(1) {
r = select(conn->discoverySocket+1, &readable, NULL, NULL, &tv);
- if (r >= 0 || errno != EINTR || got_sigterm) break;
+ if (r >= 0 || errno != EINTR || signaled(SIGTERM)) break;
}
if (r < 0) {
error("select (waitForPADS): %m");
do {
padiAttempts++;
- if (got_sigterm || padiAttempts > conn->discoveryAttempts) {
+ if (signaled(SIGTERM) || padiAttempts > conn->discoveryAttempts) {
warn("Timeout waiting for PADO packets");
close(conn->discoverySocket);
conn->discoverySocket = -1;
do {
padrAttempts++;
- if (got_sigterm || padrAttempts > conn->discoveryAttempts) {
+ if (signaled(SIGTERM) || padrAttempts > conn->discoveryAttempts) {
warn("Timeout waiting for PADS packets");
close(conn->discoverySocket);
conn->discoverySocket = -1;
{
int err;
- if (debug)
+ if (debug_on())
pppoe_log_packet("Send ", pkt);
#if defined(HAVE_STRUCT_SOCKADDR_LL)
err = send(sock, pkt, size, 0);
error("error receiving pppoe packet: %m");
return -1;
}
- if (debug)
+ if (debug_on())
pppoe_log_packet("Recv ", pkt);
return 0;
}
#include <linux/if_pppox.h>
#include <pppd/pppd.h>
+#include <pppd/options.h>
#include <pppd/fsm.h>
#include <pppd/lcp.h>
#include <pppd/ipcp.h>
#include <pppd/ccp.h>
-#define PPP_PATH_ETHOPT SYSCONFDIR "/ppp/options."
-
char pppd_version[] = PPPD_VERSION;
/* From sys-linux.c in pppd -- MUST FIX THIS! */
static char *pppoe_host_uniq;
static int pppoe_padi_timeout = PADI_TIMEOUT;
static int pppoe_padi_attempts = MAX_PADI_ATTEMPTS;
+static char devnam[MAXNAMELEN];
static int PPPoEDevnameHook(char *cmd, char **argv, int doit);
-static option_t Options[] = {
+static struct option Options[] = {
{ "device name", o_wild, (void *) &PPPoEDevnameHook,
"PPPoE device name",
OPT_DEVNAM | OPT_PRIVFIX | OPT_NOARG | OPT_A2STRVAL | OPT_STATIC,
struct sockaddr_pppox sp;
struct ifreq ifr;
int s;
+ char remote_number[MAXNAMELEN];
/* Open session socket before discovery phase, to avoid losing session */
/* packets sent by peer just after PADS packet (noted on some Cisco */
conn->acName = acName;
conn->serviceName = pppd_pppoe_service;
- strlcpy(ppp_devnam, devnam, MAXPATHLEN);
+ ppp_set_pppdevnam(devnam);
if (existingSession) {
unsigned int mac[ETH_ALEN];
int i, ses;
}
/* Set PPPoE session-number for further consumption */
- ppp_session_number = ntohs(conn->session);
+ ppp_set_session_number(ntohs(conn->session));
sp.sa_family = AF_PPPOX;
sp.sa_protocol = PX_PROTO_OE;
(unsigned) conn->peerEth[3],
(unsigned) conn->peerEth[4],
(unsigned) conn->peerEth[5]);
+ warn("Connected to %s via interface %s", remote_number, conn->ifName);
+ ppp_set_remote_number(remote_number);
- warn("Connected to %02X:%02X:%02X:%02X:%02X:%02X via interface %s",
- (unsigned) conn->peerEth[0],
- (unsigned) conn->peerEth[1],
- (unsigned) conn->peerEth[2],
- (unsigned) conn->peerEth[3],
- (unsigned) conn->peerEth[4],
- (unsigned) conn->peerEth[5],
- conn->ifName);
-
- script_setenv("MACREMOTE", remote_number, 0);
+ ppp_script_setenv("MACREMOTE", remote_number, 0);
if (connect(conn->sessionSocket, (struct sockaddr *) &sp,
sizeof(struct sockaddr_pppox)) < 0) {
static void
PPPOEDeviceOptions(void)
{
+ char name[MAXPATHLEN];
char buf[MAXPATHLEN];
- strlcpy(buf, PPP_PATH_ETHOPT, MAXPATHLEN);
- strlcat(buf, devnam, MAXPATHLEN);
- if (!options_from_file(buf, 0, 0, 1))
- exit(EXIT_OPTION_ERROR);
-
+ slprintf(name, sizeof(name), "options.%s", devnam);
+ if (ppp_get_filepath(PPP_DIR_CONF, name, buf, sizeof(buf)) < sizeof(buf)) {
+ if (!ppp_options_from_file(buf, 0, 0, 1)) {
+ exit(EXIT_OPTION_ERROR);
+ }
+ } else {
+ exit(EXIT_OPTION_ERROR);
+ }
}
struct channel pppoe_channel;
if (the_channel != &pppoe_channel) {
the_channel = &pppoe_channel;
- modem = 0;
+ ppp_set_modem(0);
PPPOEInitDevice();
}
+ ppp_set_devnam(devnam);
return 1;
}
void
plugin_init(void)
{
- if (!ppp_available() && !new_style_driver) {
+ if (!ppp_check_kernel_support() && !new_style_driver) {
fatal("Linux kernel does not support PPPoE -- are you running 2.4.x?");
}
- add_options(Options);
+ ppp_add_options(Options);
info("PPPoE plugin from pppd %s", PPPD_VERSION);
}
if (sscanf(pppoe_reqd_mac, "%x:%x:%x:%x:%x:%x",
&mac[0], &mac[1], &mac[2], &mac[3],
&mac[4], &mac[5]) != 6) {
- option_error("cannot parse pppoe-mac option value");
+ ppp_option_error("cannot parse pppoe-mac option value");
exit(EXIT_OPTION_ERROR);
}
for (i = 0; i < 6; ++i)
.check_options = pppoe_check_options,
.connect = &PPPOEConnectDevice,
.disconnect = &PPPOEDisconnectDevice,
- .establish_ppp = &generic_establish_ppp,
- .disestablish_ppp = &generic_disestablish_ppp,
+ .establish_ppp = &ppp_generic_establish,
+ .disestablish_ppp = &ppp_generic_disestablish,
.send_config = NULL,
.recv_config = &PPPOERecvConfig,
.close = NULL,
#include <time.h>
#include <signal.h>
#include <sys/time.h>
+#include <stdbool.h>
+#include <stdint.h>
#include "pppoe.h"
return gettimeofday(tv, NULL);
}
+int signaled(int signal) {
+ if (signal == SIGTERM)
+ return got_sigterm;
+ return 0;
+}
+
+bool debug_on()
+{
+ return !!debug;
+}
+
static void
term_handler(int signum)
{
#define NOT_UNICAST(e) ((e[0] & 0x01) != 0)
#define BROADCAST(e) ((e[0] & e[1] & e[2] & e[3] & e[4] & e[5]) == 0xFF)
#define NOT_BROADCAST(e) ((e[0] & e[1] & e[2] & e[3] & e[4] & e[5]) != 0xFF)
+
+#ifndef MIN
+#define MIN(a, b) ((a) < (b)? (a): (b))
+#endif
+#ifndef MAX
+#define MAX(a, b) ((a) > (b)? (a): (b))
+#endif
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <sys/time.h>
#include <netinet/in.h>
#include <signal.h>
#include <linux/version.h>
#include <linux/sockios.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdio.h>
#include <pppd/pppd.h>
-#include <pppd/pathnames.h>
+#include <pppd/options.h>
#include <pppd/fsm.h>
#include <pppd/lcp.h>
#include <pppd/ccp.h>
#include <pppd/ipcp.h>
+#include <pppd/multilink.h>
#ifndef aligned_u64
uint32_t recv_accm) = NULL;
static void (*old_pppol2tp_ip_updown_hook)(int tunnel_id, int session_id,
int up) = NULL;
-static void (*old_multilink_join_hook)(void) = NULL;
+#ifdef PPP_WITH_MULTILINK
+static multilink_join_hook_fn *old_multilink_join_hook = NULL;
+#endif
/*****************************************************************************
* OpenL2TP interface.
uint16_t tid = tunnel_id;
uint16_t sid = session_id;
uint8_t state = up;
- int unit = ifunit;
- char *user_name = NULL;
+ int unit = 0;
+ char ifname[MAXNAMELEN];
+ char user_name[MAXNAMELEN];
+
+ unit = ppp_ifunit();
+ ppp_get_ifname(ifname, sizeof(ifname));
if (openl2tp_fd < 0) {
result = openl2tp_client_create();
}
}
- if (peer_authname[0] != '\0') {
- user_name = strdup(peer_authname);
- }
+ if (!ppp_peer_authname(user_name, sizeof(user_name)))
+ user_name[0] = '\0';
msg->msg_signature = OPENL2TP_MSG_SIGNATURE;
msg->msg_type = OPENL2TP_MSG_TYPE_PPP_UPDOWN_IND;
memcpy(&tlv->tlv_value[0], ifname, tlv->tlv_len);
msg->msg_len += sizeof(*tlv) + ALIGN32(tlv->tlv_len);
- if (user_name != NULL) {
+ if (user_name[0] != '\0') {
tlv = (void *) &msg->msg_data[msg->msg_len];
tlv->tlv_type = OPENL2TP_TLV_TYPE_PPP_USER_NAME;
tlv->tlv_len = strlen(user_name) + 1;
(*old_pppol2tp_ip_updown_hook)(tunnel_id, session_id, up);
}
- if (user_name != NULL)
- free(user_name);
-
return;
}
* multilink bundle.
*****************************************************************************/
+#ifdef PPP_WITH_MULTILINK
static void openl2tp_multilink_join_ind(void)
{
- if (doing_multilink && !multilink_master) {
+ if (mp_on() && !mp_master()) {
/* send event only if not master */
openl2tp_ppp_updown_ind(pppol2tp_tunnel_id,
pppol2tp_session_id, 1);
}
}
+#endif
/*****************************************************************************
* Application init
old_pppol2tp_ip_updown_hook = pppol2tp_ip_updown_hook;
pppol2tp_ip_updown_hook = openl2tp_ppp_updown_ind;
+#ifdef PPP_WITH_MULTILINK
old_multilink_join_hook = multilink_join_hook;
multilink_join_hook = openl2tp_multilink_join_ind;
+#endif
}
#include <net/if.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
+#include <sys/time.h>
+#include <sys/types.h>
#include <netinet/in.h>
#include <signal.h>
+#include <stdbool.h>
+#include <stdarg.h>
+#include <stdio.h>
+
#include <linux/version.h>
#include <linux/sockios.h>
#include <linux/if_pppol2tp.h>
#include <pppd/pppd.h>
-#include <pppd/pathnames.h>
+#include <pppd/options.h>
#include <pppd/fsm.h>
#include <pppd/lcp.h>
#include <pppd/ccp.h>
/* Hook provided to allow other plugins to handle IP up/down */
void (*pppol2tp_ip_updown_hook)(int tunnel_id, int session_id, int up) = NULL;
-static option_t pppol2tp_options[] = {
+static struct option pppol2tp_options[] = {
{ "pppol2tp", o_special, &setdevname_pppol2tp,
"FD for PPPoL2TP socket", OPT_DEVNAM | OPT_A2STRVAL,
&pppol2tp_fd_str },
if (device_got_set)
return 0;
- if (!int_option(*argv, &pppol2tp_fd))
+ if (!ppp_int_option(*argv, &pppol2tp_fd))
return 0;
if(getsockname(pppol2tp_fd, (struct sockaddr *)&s, &len) < 0) {
/* Setup option defaults. Compression options are disabled! */
- modem = 0;
+ ppp_set_modem(false);
lcp_allowoptions[0].neg_accompression = 1;
lcp_wantoptions[0].neg_accompression = 0;
}
static void send_config_pppol2tp(int mtu,
- u_int32_t asyncmap,
+ uint32_t asyncmap,
int pcomp,
int accomp)
{
fd = socket(AF_INET, SOCK_DGRAM, 0);
if (fd >= 0) {
memset (&ifr, '\0', sizeof (ifr));
- strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+ ppp_get_ifname(ifr.ifr_name, sizeof(ifr.ifr_name));
strlcpy(ifr.ifr_newname, pppol2tp_ifname,
sizeof(ifr.ifr_name));
ioctl(fd, SIOCSIFNAME, (caddr_t) &ifr);
- strlcpy(ifname, pppol2tp_ifname, 32);
+ ppp_set_ifname(pppol2tp_ifname);
if (pppol2tp_debug_mask & PPPOL2TP_MSG_CONTROL) {
dbglog("ppp%d: interface name %s",
- ifunit, ifname);
+ ppp_ifunit(), ppp_ifname());
}
}
close(fd);
warn("Overriding mtu %d to %d", mtu, lcp_allowoptions[0].mru);
mtu = lcp_allowoptions[0].mru;
}
- netif_set_mtu(ifunit, mtu);
+ ppp_set_mtu(ppp_ifunit(), mtu);
reorderto[0] = '\0';
if (pppol2tp_reorder_timeout > 0)
}
static void recv_config_pppol2tp(int mru,
- u_int32_t asyncmap,
+ uint32_t asyncmap,
int pcomp,
int accomp)
{
lcp_allowoptions[0].mru);
mru = lcp_allowoptions[0].mru;
}
- if ((ifunit >= 0) && ioctl(pppol2tp_fd, PPPIOCSMRU, (caddr_t) &mru) < 0)
+ if ((ppp_ifunit() >= 0) && ioctl(pppol2tp_fd, PPPIOCSMRU, (caddr_t) &mru) < 0)
error("Couldn't set PPP MRU: %m");
}
{
#if defined(__linux__)
extern int new_style_driver; /* From sys-linux.c */
- if (!ppp_available() && !new_style_driver)
+ if (!ppp_check_kernel_support() && !new_style_driver)
fatal("Kernel doesn't support ppp_generic - "
"needed for PPPoL2TP");
#else
fatal("No PPPoL2TP support on this OS");
#endif
- add_options(pppol2tp_options);
+ ppp_add_options(pppol2tp_options);
/* Hook up ip up/down notifiers to send indicator to openl2tpd
* that the link is up
*/
- add_notifier(&ip_up_notifier, pppol2tp_ip_up, NULL);
- add_notifier(&ip_down_notifier, pppol2tp_ip_down, NULL);
-#ifdef INET6
- add_notifier(&ipv6_up_notifier, pppol2tp_ip_up, NULL);
- add_notifier(&ipv6_down_notifier, pppol2tp_ip_down, NULL);
+ ppp_add_notify(NF_IP_UP, pppol2tp_ip_up, NULL);
+ ppp_add_notify(NF_IP_DOWN, pppol2tp_ip_down, NULL);
+#ifdef PPP_WITH_IPV6CP
+ ppp_add_notify(NF_IPV6_UP, pppol2tp_ip_up, NULL);
+ ppp_add_notify(NF_IPV6_DOWN, pppol2tp_ip_down, NULL);
#endif
}
.check_options = &pppol2tp_check_options,
.connect = &connect_pppol2tp,
.disconnect = &disconnect_pppol2tp,
- .establish_ppp = &generic_establish_ppp,
- .disestablish_ppp = &generic_disestablish_ppp,
+ .establish_ppp = &ppp_generic_establish,
+ .disestablish_ppp = &ppp_generic_disestablish,
.send_config = &send_config_pppol2tp,
.recv_config = &recv_config_pppol2tp,
.close = NULL,
*
*/
-VALUE_PAIR *rc_avpair_add (VALUE_PAIR **list, int attrid, void *pval, int len,
+VALUE_PAIR *rc_avpair_add (VALUE_PAIR **list, int attrid, const void *pval, int len,
int vendorcode)
{
VALUE_PAIR *vp;
*
*/
-int rc_avpair_assign (VALUE_PAIR *vp, void *pval, int len)
+int rc_avpair_assign (VALUE_PAIR *vp, const void *pval, int len)
{
int result = -1;
{
case PW_TYPE_STRING:
- if (((len == 0) && (strlen ((char *) pval)) > AUTH_STRING_LEN)
+ if (((len == 0) && (strlen ((const char *) pval)) > AUTH_STRING_LEN)
|| (len > AUTH_STRING_LEN)) {
error("rc_avpair_assign: bad attribute length");
return result;
}
if (len > 0) {
- memcpy(vp->strvalue, (char *)pval, len);
+ memcpy(vp->strvalue, (const char *)pval, len);
vp->strvalue[len] = '\0';
vp->lvalue = len;
} else {
- strncpy ((char*) vp->strvalue, (char *) pval, AUTH_STRING_LEN);
- vp->lvalue = strlen((char *) pval);
+ strncpy ((char*) vp->strvalue, (const char *) pval, AUTH_STRING_LEN);
+ vp->lvalue = strlen((const char *) pval);
}
result = 0;
*
*/
-VALUE_PAIR *rc_avpair_new (int attrid, void *pval, int len, int vendorcode)
+VALUE_PAIR *rc_avpair_new (int attrid, const void *pval, int len, int vendorcode)
{
VALUE_PAIR *vp = (VALUE_PAIR *) NULL;
DICT_ATTR *pda;
if ((adt_vp = rc_avpair_add(&(data.send_pairs), PW_ACCT_DELAY_TIME, &dtime.tv_sec, 0, VENDOR_NONE)) == NULL)
return (ERROR_RC);
- get_time(&start_time);
+ ppp_get_time(&start_time);
result = ERROR_RC;
for(i=0; (i<acctserver->max) && (result != OK_RC) && (result != BADRESP_RC)
; i++)
rc_buildreq(&data, PW_ACCOUNTING_REQUEST, acctserver->name[i],
acctserver->port[i], timeout, retries);
- get_time(&dtime);
+ ppp_get_time(&dtime);
dtime.tv_sec -= start_time.tv_sec;
rc_avpair_assign(adt_vp, &dtime.tv_sec, 0);
* Returns: port id, zero if no entry found
*/
-UINT4 rc_map2id(char *name)
+UINT4 rc_map2id(const char *name)
{
struct map2id_s *p;
char ttyname[PATH_MAX];
* Returns: 0 on failure
*/
-UINT4 rc_get_ipaddr (char *host)
+UINT4 rc_get_ipaddr (const char *host)
{
struct hostent *hp;
*
*/
-int rc_good_ipaddr (char *addr)
+int rc_good_ipaddr (const char *addr)
{
int dot_count;
int digit_count;
static UINT4 this_host_ipaddr = 0;
if (!this_host_ipaddr) {
- if ((this_host_ipaddr = rc_get_ipaddr (hostname)) == 0) {
+ if ((this_host_ipaddr = rc_get_ipaddr (ppp_hostname())) == 0) {
error("rc_own_ipaddress: couldn't get own IP address");
return 0;
}
*/
#include <stddef.h>
-#include <pppd/ppp-crypto.h>
+#include <pppd/crypto.h>
int rc_md5_calc(unsigned char *out, const unsigned char *in, unsigned int inl)
{
#include <stdio.h>
#include <sys/stat.h>
+#include <sys/types.h>
+#include <stdint.h>
+#include <stdarg.h>
+#include <stdbool.h>
#include <pppd/pppd.h>
#include "radiusclient.h"
/* calling cleanup() on link down is problematic because print_attributes()
is called only after PAP or CHAP authentication, but not when the link
should go up again for any other reason */
- add_notifier(&link_down_notifier, cleanup, NULL);
+ ppp_add_notify(NF_LINK_DOWN, cleanup, NULL);
#endif
/* Just in case... */
- add_notifier(&exitnotify, cleanup, NULL);
+ ppp_add_notify(NF_EXIT, cleanup, NULL);
info("RADATTR plugin initialized.");
}
int cnt = 0;
mode_t old_umask;
- slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname);
+ slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ppp_ifname());
old_umask = umask(077);
fp = fopen(fname, "w");
umask(old_umask);
{
char fname[512];
- slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname);
+ slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ppp_get_ifname(NULL,0));
(void) remove(fname);
dbglog("RADATTR plugin removed file %s.", fname);
}
#include <string.h>
#include <netinet/in.h>
#include <stdlib.h>
+#include <stdarg.h>
+#include <stdbool.h>
#include <pppd/pppd.h>
-#include <pppd/chap-new.h>
+#include <pppd/options.h>
+#include <pppd/chap.h>
+#include <pppd/upap.h>
#ifdef PPP_WITH_CHAPMS
#include <pppd/chap_ms.h>
#ifdef PPP_WITH_MPPE
#include <pppd/mppe.h>
-#include <pppd/ppp-crypto.h>
+#include <pppd/crypto.h>
#endif
#endif
#include <pppd/fsm.h>
{ NULL }
};
-static int radius_secret_check(void);
-static int radius_pap_auth(char *user,
- char *passwd,
- char **msgp,
- struct wordlist **paddrs,
- struct wordlist **popts);
-static int radius_chap_verify(char *user, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge,
- unsigned char *response,
- char *message, int message_space);
+static pap_check_hook_fn radius_secret_check;
+static pap_auth_hook_fn radius_pap_auth;
+static chap_verify_hook_fn radius_chap_verify;
static void radius_ip_up(void *opaque, int arg);
static void radius_ip_down(void *opaque, int arg);
-static void make_username_realm(char *user);
+static void make_username_realm(const char *user);
static int radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
struct chap_digest_type *digest,
unsigned char *challenge,
char *message, int message_space);
static void radius_choose_ip(u_int32_t *addrp);
static int radius_init(char *msg);
-static int get_client_port(char *ifname);
+static int get_client_port(const char *ifname);
static int radius_allowed_address(u_int32_t addr);
static void radius_acct_interim(void *);
#ifdef PPP_WITH_MPPE
ip_choose_hook = radius_choose_ip;
allowed_address_hook = radius_allowed_address;
- add_notifier(&ip_up_notifier, radius_ip_up, NULL);
- add_notifier(&ip_down_notifier, radius_ip_down, NULL);
+ ppp_add_notify(NF_IP_UP, radius_ip_up, NULL);
+ ppp_add_notify(NF_IP_DOWN, radius_ip_down, NULL);
memset(&rstate, 0, sizeof(rstate));
strlcpy(rstate.config_file, "/etc/radiusclient/radiusclient.conf",
sizeof(rstate.config_file));
- add_options(Options);
+ ppp_add_options(Options);
info("RADIUS plugin initialized.");
}
UINT4 av_type;
int result;
static char radius_msg[BUF_LEN];
+ const char *remote_number;
+ const char *ipparam;
radius_msg[0] = 0;
*msgp = radius_msg;
/* Hack... the "port" is the ppp interface number. Should really be
the tty */
- rstate.client_port = get_client_port(portnummap ? devnam : ifname);
+ rstate.client_port = get_client_port(portnummap ? ppp_devnam() : ppp_ifname());
av_type = PW_FRAMED;
rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type, 0, VENDOR_NONE);
rc_avpair_add(&send, PW_USER_NAME, rstate.user , 0, VENDOR_NONE);
rc_avpair_add(&send, PW_USER_PASSWORD, passwd, 0, VENDOR_NONE);
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0,
VENDOR_NONE);
} else if (ipparam)
#else
REQUEST_INFO *req_info = NULL;
#endif
+ const char *remote_number;
+ const char *ipparam;
challenge_len = *challenge++;
response_len = *response++;
/* Put user with potentially realm added in rstate.user */
if (!rstate.done_chap_once) {
make_username_realm(user);
- rstate.client_port = get_client_port (portnummap ? devnam : ifname);
+ rstate.client_port = get_client_port (portnummap ? ppp_devnam() : ppp_ifname());
if (radius_pre_auth_hook) {
radius_pre_auth_hook(rstate.user,
&rstate.authserver,
#endif
}
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0,
VENDOR_NONE);
} else if (ipparam)
* then the default realm from the radiusclient config file is added.
***********************************************************************/
static void
-make_username_realm(char *user)
+make_username_realm(const char *user)
{
char *default_realm;
case PW_SESSION_TIMEOUT:
/* Session timeout */
- maxconnect = vp->lvalue;
+ ppp_set_max_connect_time(vp->lvalue);
break;
case PW_FILTER_ID:
/* packet filter, will be handled via ip-(up|down) script */
- script_setenv("RADIUS_FILTER_ID", (char*) vp->strvalue, 1);
+ ppp_script_setenv("RADIUS_FILTER_ID", (char*) vp->strvalue, 1);
break;
case PW_FRAMED_ROUTE:
/* route, will be handled via ip-(up|down) script */
- script_setenv("RADIUS_FRAMED_ROUTE", (char*) vp->strvalue, 1);
+ ppp_script_setenv("RADIUS_FRAMED_ROUTE", (char*) vp->strvalue, 1);
break;
case PW_IDLE_TIMEOUT:
/* idle parameter */
- idle_time_limit = vp->lvalue;
+ ppp_set_max_idle_time(vp->lvalue);
break;
case PW_SESSION_OCTETS_LIMIT:
/* Session traffic limit */
- maxoctets = vp->lvalue;
+ ppp_set_session_limit(vp->lvalue);
break;
case PW_OCTETS_DIRECTION:
/* Session traffic limit direction check */
- maxoctets_dir = ( vp->lvalue > 4 ) ? 0 : vp->lvalue ;
+ ppp_set_session_limit_dir(vp->lvalue);
break;
case PW_ACCT_INTERIM_INTERVAL:
/* Send accounting updates every few seconds */
} else if (remote != 0xfffffffe) {
/* 0xfffffffe means NAS should select an ip address */
remote = htonl(vp->lvalue);
- if (bad_ip_adrs (remote)) {
+ if (ppp_bad_ip_addr (remote)) {
slprintf(msg, BUF_LEN, "RADIUS: bad remote IP address %I for %s",
remote, rstate.user);
return -1;
} /* else too big for our buffer - ignore it */
break;
case PW_FRAMED_MTU:
- netif_set_mtu(rstate.client_port,MIN(netif_get_mtu(rstate.client_port),vp->lvalue));
+ ppp_set_mtu(rstate.client_port,MIN(ppp_get_mtu(rstate.client_port),vp->lvalue));
break;
}
VALUE_PAIR *send = NULL;
ipcp_options *ho = &ipcp_hisoptions[0];
u_int32_t hisaddr;
+ const char *remote_number;
+ const char *ipparam;
if (!rstate.initialized) {
return;
av_type = PW_PPP;
rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &av_type, 0, VENDOR_NONE);
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID,
remote_number, 0, VENDOR_NONE);
} else if (ipparam)
rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE);
- av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) );
+ av_type = ( ppp_using_pty() ? PW_VIRTUAL : ( ppp_sync_serial() ? PW_SYNC : PW_ASYNC ) );
rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE);
hisaddr = ho->hisaddr;
/* Kick off periodic accounting reports */
if (rstate.acct_interim_interval) {
- TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval);
+ ppp_timeout(radius_acct_interim, NULL, rstate.acct_interim_interval, 0);
}
}
ipcp_options *ho = &ipcp_hisoptions[0];
u_int32_t hisaddr;
int result;
+ const char *remote_number;
+ const char *ipparam;
+ ppp_link_stats_st stats;
if (!rstate.initialized) {
return;
}
if (rstate.acct_interim_interval)
- UNTIMEOUT(radius_acct_interim, NULL);
+ ppp_untimeout(radius_acct_interim, NULL);
rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id,
0, VENDOR_NONE);
av_type = PW_RADIUS;
rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE);
+ if (ppp_get_link_stats(&stats)) {
- if (link_stats_valid) {
- av_type = link_connect_time;
+ av_type = ppp_get_link_uptime();
rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.bytes_out & 0xFFFFFFFF;
+ av_type = stats.bytes_out & 0xFFFFFFFF;
rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE);
- if (link_stats.bytes_out > 0xFFFFFFFF) {
- av_type = link_stats.bytes_out >> 32;
+ if (stats.bytes_out > 0xFFFFFFFF) {
+ av_type = stats.bytes_out >> 32;
rc_avpair_add(&send, PW_ACCT_OUTPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
}
- av_type = link_stats.bytes_in & 0xFFFFFFFF;
+ av_type = stats.bytes_in & 0xFFFFFFFF;
rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE);
- if (link_stats.bytes_in > 0xFFFFFFFF) {
- av_type = link_stats.bytes_in >> 32;
+ if (stats.bytes_in > 0xFFFFFFFF) {
+ av_type = stats.bytes_in >> 32;
rc_avpair_add(&send, PW_ACCT_INPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
}
- av_type = link_stats.pkts_out;
+ av_type = stats.pkts_out;
rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.pkts_in;
+ av_type = stats.pkts_in;
rc_avpair_add(&send, PW_ACCT_INPUT_PACKETS, &av_type, 0, VENDOR_NONE);
}
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID,
remote_number, 0, VENDOR_NONE);
} else if (ipparam)
rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE);
- av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) );
+ av_type = ( ppp_using_pty() ? PW_VIRTUAL : ( ppp_sync_serial() ? PW_SYNC : PW_ASYNC ) );
rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE);
av_type = PW_NAS_ERROR;
- switch( status ) {
+ switch( ppp_status() ) {
case EXIT_OK:
av_type = PW_USER_REQUEST;
break;
ipcp_options *ho = &ipcp_hisoptions[0];
u_int32_t hisaddr;
int result;
+ const char *remote_number;
+ const char *ipparam;
+ ppp_link_stats_st stats;
if (!rstate.initialized) {
return;
av_type = PW_RADIUS;
rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE);
- /* Update link stats */
- update_link_stats(0);
+ if (ppp_get_link_stats(&stats)) {
- if (link_stats_valid) {
- link_stats_valid = 0; /* Force later code to update */
-
- av_type = link_connect_time;
+ av_type = ppp_get_link_uptime();
rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.bytes_out & 0xFFFFFFFF;
+ av_type = stats.bytes_out & 0xFFFFFFFF;
rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE);
- if (link_stats.bytes_out > 0xFFFFFFFF) {
- av_type = link_stats.bytes_out >> 32;
+ if (stats.bytes_out > 0xFFFFFFFF) {
+ av_type = stats.bytes_out >> 32;
rc_avpair_add(&send, PW_ACCT_OUTPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
}
- av_type = link_stats.bytes_in & 0xFFFFFFFF;
+ av_type = stats.bytes_in & 0xFFFFFFFF;
rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE);
- if (link_stats.bytes_in > 0xFFFFFFFF) {
- av_type = link_stats.bytes_in >> 32;
+ if (stats.bytes_in > 0xFFFFFFFF) {
+ av_type = stats.bytes_in >> 32;
rc_avpair_add(&send, PW_ACCT_INPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
}
- av_type = link_stats.pkts_out;
+ av_type = stats.pkts_out;
rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.pkts_in;
+ av_type = stats.pkts_in;
rc_avpair_add(&send, PW_ACCT_INPUT_PACKETS, &av_type, 0, VENDOR_NONE);
}
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID,
remote_number, 0, VENDOR_NONE);
} else if (ipparam)
rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE);
- av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) );
+ av_type = ( ppp_using_pty() ? PW_VIRTUAL : ( ppp_sync_serial() ? PW_SYNC : PW_ASYNC ) );
rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE);
hisaddr = ho->hisaddr;
rc_avpair_free(send);
/* Schedule another one */
- TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval);
+ ppp_timeout(radius_acct_interim, NULL, rstate.acct_interim_interval, 0);
}
/**********************************************************************
* Extracts the port number from the interface name
***********************************************************************/
static int
-get_client_port(char *ifname)
+get_client_port(const char *ifname)
{
int port;
if (sscanf(ifname, "ppp%d", &port) == 1) {
#include <sys/types.h>
#include <stdio.h>
#include <time.h>
+#include <stdbool.h>
+
#include <pppd/pppd.h>
+#include <pppd/options.h>
#ifndef _UINT4_T
/* This works for all machines that Linux runs on... */
/* avpair.c */
-VALUE_PAIR *rc_avpair_add(VALUE_PAIR **, int, void *, int, int);
-int rc_avpair_assign(VALUE_PAIR *, void *, int);
-VALUE_PAIR *rc_avpair_new(int, void *, int, int);
+VALUE_PAIR *rc_avpair_add(VALUE_PAIR **, int, const void *, int, int);
+int rc_avpair_assign(VALUE_PAIR *, const void *, int);
+VALUE_PAIR *rc_avpair_new(int, const void *, int, int);
VALUE_PAIR *rc_avpair_gen(AUTH_HDR *);
VALUE_PAIR *rc_avpair_get(VALUE_PAIR *, UINT4);
VALUE_PAIR *rc_avpair_copy(VALUE_PAIR *);
/* clientid.c */
int rc_read_mapfile(char *);
-UINT4 rc_map2id(char *);
+UINT4 rc_map2id(const char *);
/* config.c */
/* ip_util.c */
-UINT4 rc_get_ipaddr(char *);
-int rc_good_ipaddr(char *);
+UINT4 rc_get_ipaddr(const char *);
+int rc_good_ipaddr(const char *);
const char *rc_ip_hostname(UINT4);
UINT4 rc_own_ipaddress(void);
UINT4 rc_own_bind_ipaddress(void);
#include <string.h>
#include <stdlib.h>
#include <sys/param.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdarg.h>
+#include <sys/types.h>
+
#include <pppd/pppd.h>
#include "radiusclient.h"
}
if ((fd = fopen(radrealms_config, "r")) == NULL) {
- option_error("cannot open %s", radrealms_config);
+ ppp_option_error("cannot open %s", radrealms_config);
free(auths);
free(accts);
return;
if (p == NULL || (strcmp(p, "authserver") !=0
&& strcmp(p, "acctserver"))) {
fclose(fd);
- option_error("%s: invalid line %d: %s", radrealms_config,
+ ppp_option_error("%s: invalid line %d: %s", radrealms_config,
line, buffer);
free(auths);
free(accts);
if ((p = strtok(NULL, "\t ")) == NULL) {
fclose(fd);
- option_error("%s: realm name missing on line %d: %s",
+ ppp_option_error("%s: realm name missing on line %d: %s",
radrealms_config, line, buffer);
free(auths);
free(accts);
info(" - Matched realm %s", p);
if ((p = strtok(NULL, ":")) == NULL) {
fclose(fd);
- option_error("%s: server address missing on line %d: %s",
+ ppp_option_error("%s: server address missing on line %d: %s",
radrealms_config, line, buffer);
free(auths);
free(accts);
info(" - Address is '%s'",p);
if ((p = strtok(NULL, "\t ")) == NULL) {
fclose(fd);
- option_error("%s: server port missing on line %d: %s",
+ ppp_option_error("%s: server port missing on line %d: %s",
radrealms_config, line, buffer);
free(auths);
free(accts);
{
radius_pre_auth_hook = lookup_realm;
- add_options(Options);
+ ppp_add_options(Options);
info("RADIUS Realms plugin initialized.");
}
#include <includes.h>
#include <radiusclient.h>
#include <pathnames.h>
+#include <signal.h>
static void rc_random_vector (unsigned char *);
static int rc_check_reply (AUTH_HDR *, int, char *, unsigned char *, unsigned char);
FD_SET (sockfd, &readfds);
if (select (sockfd + 1, &readfds, NULL, NULL, &authtime) < 0)
{
- if (errno == EINTR && !got_sigterm)
+ if (errno == EINTR && !ppp_signaled(SIGTERM))
continue;
error("rc_send_server: select: %m");
memset (secret, '\0', sizeof (secret));
#include <stdlib.h>
#include <errno.h>
#include <ctype.h>
+#include <stdbool.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdio.h>
#include <pppd/pppd.h>
-#include <pppd/chap-new.h>
+#include <pppd/options.h>
+#include <pppd/chap.h>
#include <pppd/chap_ms.h>
+#include <pppd/upap.h>
#include <pppd/fsm.h>
#include <pppd/ipcp.h>
#include <pppd/mppe.h>
-#include <pppd/ppp-crypto.h>
+#include <pppd/crypto.h>
#define BUF_LEN 1024
p = argv[0];
if (p[0] != '/') {
- option_error("ntlm_auth-helper argument must be full path");
+ ppp_option_error("ntlm_auth-helper argument must be full path");
return 0;
}
p = strdup(p);
return 1;
}
-static option_t Options[] = {
+static struct option Options[] = {
{ "ntlm_auth-helper", o_special, (void *) &set_ntlm_auth,
"Path to ntlm_auth executable", OPT_PRIV },
{ NULL }
};
-static int
-winbind_secret_check(void);
-
-static int winbind_pap_auth(char *user,
- char *passwd,
- char **msgp,
- struct wordlist **paddrs,
- struct wordlist **popts);
-static int winbind_chap_verify(char *user, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge,
- unsigned char *response,
- char *message, int message_space);
-static int winbind_allowed_address(u_int32_t addr);
+static pap_check_hook_fn winbind_secret_check;
+static pap_auth_hook_fn winbind_pap_auth;
+static chap_verify_hook_fn winbind_chap_verify;
+static int winbind_allowed_address(uint32_t addr);
char pppd_version[] = PPPD_VERSION;
/* Don't ask the peer for anything other than MS-CHAP or MS-CHAP V2 */
chap_mdtype_all &= (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT);
- add_options(Options);
+ ppp_add_options(Options);
info("WINBIND plugin initialized.");
}
return NOT_AUTHENTICATED;
}
- forkret = safe_fork(child_in[0], child_out[1], 2);
+ forkret = ppp_safe_fork(child_in[0], child_out[1], 2);
if (forkret == -1) {
if (error_string) {
*error_string = strdup("fork failed!");
return NOT_AUTHENTICATED;
}
- while ((wait(&status) == -1) && errno == EINTR && !got_sigterm)
+ while ((wait(&status) == -1) && errno == EINTR && !ppp_signaled(SIGTERM))
;
if ((authenticated == AUTHENTICATED) && nt_key && !got_user_session_key) {
int challenge_len, response_len;
char domainname[256];
char *domain;
- char *username;
+ const char *username;
char *p;
unsigned char saresponse[MS_AUTH_RESPONSE_LENGTH+1];
}
static int
-winbind_allowed_address(u_int32_t addr)
+winbind_allowed_address(uint32_t addr)
{
ipcp_options *wo = &ipcp_wantoptions[0];
if (wo->hisaddr !=0 && wo->hisaddr == addr) {
+++ /dev/null
-/* ppp-crypo-priv.h - Crypto private data structures
- *
- * Copyright (c) 2022 Eivind Næss. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#ifndef PPP_CRYPTO_PRIV_H
-#define PPP_CRYPTO_PRIV_H
-
-#include "ppp-crypto.h"
-
-#define MAX_KEY_SIZE 32
-#define MAX_IV_SIZE 32
-
-struct _PPP_MD
-{
- int (*init_fn)(PPP_MD_CTX *ctx);
- int (*update_fn)(PPP_MD_CTX *ctx, const void *data, size_t cnt);
- int (*final_fn)(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *outlen);
- void (*clean_fn)(PPP_MD_CTX *ctx);
-};
-
-struct _PPP_MD_CTX
-{
- PPP_MD md;
- void *priv;
-};
-
-struct _PPP_CIPHER
-{
- int (*init_fn)(PPP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv);
- int (*update_fn)(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl);
- int (*final_fn)(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
- void (*clean_fn)(PPP_CIPHER_CTX *ctx);
-};
-
-struct _PPP_CIPHER_CTX
-{
- PPP_CIPHER cipher;
- unsigned char key[MAX_KEY_SIZE];
- unsigned char iv[MAX_IV_SIZE];
- int is_encr;
- void *priv;
-};
-
-
-#endif
+++ /dev/null
-/* ppp-crypto.c - Generic API for access to crypto/digest functions.
- *
- * Copyright (c) 2022 Eivind Næss. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <stdlib.h>
-#include <string.h>
-
-#include "ppp-crypto.h"
-#include "ppp-crypto-priv.h"
-
-#ifdef PPP_WITH_OPENSSL
-#include <openssl/opensslv.h>
-#endif
-
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-#include <openssl/provider.h>
-struct crypto_ctx {
-
- OSSL_PROVIDER *legacy;
- OSSL_PROVIDER *provider;
-} g_crypto_ctx;
-#endif
-
-PPP_MD_CTX *PPP_MD_CTX_new()
-{
- return (PPP_MD_CTX*) calloc(1, sizeof(PPP_MD_CTX));
-}
-
-void PPP_MD_CTX_free(PPP_MD_CTX* ctx)
-{
- if (ctx) {
- if (ctx->md.clean_fn) {
- ctx->md.clean_fn(ctx);
- }
- free(ctx);
- }
-}
-
-int PPP_DigestInit(PPP_MD_CTX *ctx, const PPP_MD *type)
-{
- if (ctx) {
- ctx->md = *type;
- if (ctx->md.init_fn) {
- return ctx->md.init_fn(ctx);
- }
- }
- return 0;
-}
-
-int PPP_DigestUpdate(PPP_MD_CTX *ctx, const void *data, size_t length)
-{
- if (ctx && ctx->md.update_fn) {
- return ctx->md.update_fn(ctx, data, length);
- }
- return 0;
-}
-
-int PPP_DigestFinal(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *outlen)
-{
- if (ctx && ctx->md.final_fn) {
- return ctx->md.final_fn(ctx, out, outlen);
- }
- return 0;
-}
-
-PPP_CIPHER_CTX *PPP_CIPHER_CTX_new(void)
-{
- return calloc(1, sizeof(PPP_CIPHER_CTX));
-}
-
-void PPP_CIPHER_CTX_free(PPP_CIPHER_CTX *ctx)
-{
- if (ctx) {
- if (ctx->cipher.clean_fn) {
- ctx->cipher.clean_fn(ctx);
- }
- memset(ctx->iv, 0, sizeof(ctx->iv));
- memset(ctx->key, 0, sizeof(ctx->key));
- free(ctx);
- }
-}
-
-int PPP_CipherInit(PPP_CIPHER_CTX *ctx, const PPP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int encr)
-{
- if (ctx && cipher) {
- ctx->is_encr = encr;
- ctx->cipher = *cipher;
- if (ctx->cipher.init_fn) {
- ctx->cipher.init_fn(ctx, key, iv);
- }
- return 1;
- }
- return 0;
-}
-
-int PPP_CipherUpdate(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl)
-{
- if (ctx && ctx->cipher.update_fn) {
- return ctx->cipher.update_fn(ctx, out, outl, in, inl);
- }
- return 0;
-}
-
-int PPP_CipherFinal(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-{
- if (ctx && ctx->cipher.final_fn) {
- return ctx->cipher.final_fn(ctx, out, outl);
- }
- return 0;
-}
-
-int PPP_crypto_init()
-{
- int retval = 0;
-
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- g_crypto_ctx.legacy = OSSL_PROVIDER_load(NULL, "legacy");
- if (g_crypto_ctx.legacy == NULL)
- {
- goto done;
- }
-
- g_crypto_ctx.provider = OSSL_PROVIDER_load(NULL, "default");
- if (g_crypto_ctx.provider == NULL)
- {
- goto done;
- }
-#endif
- retval = 1;
-
-done:
-
- return retval;
-}
-
-int PPP_crypto_deinit()
-{
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- if (g_crypto_ctx.legacy) {
- OSSL_PROVIDER_unload(g_crypto_ctx.legacy);
- g_crypto_ctx.legacy = NULL;
- }
-
- if (g_crypto_ctx.provider) {
- OSSL_PROVIDER_unload(g_crypto_ctx.provider);
- g_crypto_ctx.provider = NULL;
- }
-#endif
- return 1;
-}
-
-#ifdef UNIT_TEST
-#include <stdio.h>
-
-int test_md4()
-{
- PPP_MD_CTX* ctx = NULL;
- int success = 0;
-
- unsigned char data[84] = {
- 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
- 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
- 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
- 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
- 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
- 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
- 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
- 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
- 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
- 0x6b, 0x65, 0x79, 0x2e
- };
-
- unsigned int hash_len;
- unsigned char hash[MD4_DIGEST_LENGTH];
- unsigned char result[MD4_DIGEST_LENGTH] = {
- 0x58, 0xcb, 0x37, 0x91, 0x1d, 0x06, 0x7b, 0xdf,
- 0xfd, 0x48, 0x6d, 0x87, 0x4a, 0x35, 0x5b, 0xd4
- };
-
- ctx = PPP_MD_CTX_new();
- if (ctx) {
-
- if (PPP_DigestInit(ctx, PPP_md4())) {
-
- if (PPP_DigestUpdate(ctx, &data, sizeof(data))) {
-
- hash_len = sizeof(hash);
- if (PPP_DigestFinal(ctx, hash, &hash_len)) {
-
- if (memcmp(hash, result, MD4_DIGEST_LENGTH) == 0) {
- success = 1;
- }
- }
- }
- }
- PPP_MD_CTX_free(ctx);
- }
-
- return success;
-}
-
-int test_md5()
-{
- PPP_MD_CTX* ctx = NULL;
- int success = 0;
-
- unsigned char data[84] = {
- 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
- 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
- 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
- 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
- 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
- 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
- 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
- 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
- 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
- 0x6b, 0x65, 0x79, 0x2e
- };
-
- unsigned int hash_len;
- unsigned char hash[MD5_DIGEST_LENGTH];
- unsigned char result[MD5_DIGEST_LENGTH] = {
- 0x8b, 0xe3, 0x5e, 0x2c, 0x9f, 0x95, 0xbf, 0x4e,
- 0x16, 0xe4, 0x53, 0xbe, 0x52, 0xf4, 0xbc, 0x4e
- };
-
- ctx = PPP_MD_CTX_new();
- if (ctx) {
-
- if (PPP_DigestInit(ctx, PPP_md5())) {
-
- if (PPP_DigestUpdate(ctx, &data, sizeof(data))) {
-
- hash_len = sizeof(hash);
- if (PPP_DigestFinal(ctx, hash, &hash_len)) {
-
- if (memcmp(hash, result, MD5_DIGEST_LENGTH) == 0) {
- success = 1;
- }
- }
- }
- }
- PPP_MD_CTX_free(ctx);
- }
-
- return success;
-}
-
-int test_sha()
-{
- PPP_MD_CTX* ctx = NULL;
- int success = 0;
-
- unsigned char data[84] = {
- 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
- 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
- 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
- 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
- 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
- 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
- 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
- 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
- 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
- 0x6b, 0x65, 0x79, 0x2e
- };
-
- unsigned int hash_len;
- unsigned char hash[SHA_DIGEST_LENGTH];
- unsigned char result[SHA_DIGEST_LENGTH] = {
- 0xa8, 0x03, 0xae, 0x21, 0x30, 0xd8, 0x40, 0xbe,
- 0x27, 0xa3, 0x47, 0xc7, 0x7a, 0x90, 0xe6, 0xa3,
- 0x5b, 0xd5, 0x0e, 0x45
- };
-
- ctx = PPP_MD_CTX_new();
- if (ctx) {
-
- if (PPP_DigestInit(ctx, PPP_sha1())) {
-
- if (PPP_DigestUpdate(ctx, &data, sizeof(data))) {
-
- hash_len = sizeof(hash);
- if (PPP_DigestFinal(ctx, hash, &hash_len)) {
-
- if (memcmp(hash, result, SHA_DIGEST_LENGTH) == 0) {
- success = 1;
- }
- }
- }
- }
- PPP_MD_CTX_free(ctx);
- }
-
- return success;
-}
-
-int test_des_encrypt()
-{
- PPP_CIPHER_CTX* ctx = NULL;
- int success = 0;
-
- unsigned char key[8] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
-
- unsigned char plain[80] = {
- 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
- 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
- 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
- 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
- 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
- 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
- 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
- 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
- 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20
- };
- unsigned char expect[80] = {
- 0x45, 0xdb, 0x80, 0x45, 0x16, 0xd0, 0x6d, 0x60,
- 0x92, 0x23, 0x4b, 0xd3, 0x9d, 0x36, 0xb8, 0x1a,
- 0xa4, 0x1a, 0xf7, 0xb1, 0x60, 0xfb, 0x74, 0x16,
- 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
- 0x2b, 0xed, 0x68, 0x9d, 0x19, 0xd6, 0xb1, 0xb8,
- 0x91, 0xff, 0xea, 0x62, 0xac, 0xe7, 0x49, 0xdd,
- 0xfa, 0x4d, 0xa4, 0x01, 0x3f, 0xea, 0xca, 0xb4,
- 0xb6, 0xdc, 0xd3, 0x04, 0x45, 0x07, 0x74, 0xed,
- 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
- 0xbb, 0x9b, 0x13, 0x31, 0xf4, 0xa9, 0x32, 0x49
- };
-
- unsigned char cipher[80] = {};
- int cipher_len = 0;
- int offset = 0;
-
-
- ctx = PPP_CIPHER_CTX_new();
- if (ctx) {
-
- if (PPP_CipherInit(ctx, PPP_des_ecb(), key, NULL, 1)) {
-
- if (PPP_CipherUpdate(ctx, cipher, &cipher_len, plain, sizeof(plain))) {
-
- offset += cipher_len;
-
- if (PPP_CipherFinal(ctx, cipher+offset, &cipher_len)) {
-
- if (memcmp(cipher, expect, 80) == 0) {
-
- success = 1;
- }
- }
- }
- }
- PPP_CIPHER_CTX_free(ctx);
- }
-
- return success;
-}
-
-
-int test_des_decrypt()
-{
- PPP_CIPHER_CTX* ctx = NULL;
- int success = 0;
-
- unsigned char key[8] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
-
- unsigned char cipher[80] = {
- 0x45, 0xdb, 0x80, 0x45, 0x16, 0xd0, 0x6d, 0x60,
- 0x92, 0x23, 0x4b, 0xd3, 0x9d, 0x36, 0xb8, 0x1a,
- 0xa4, 0x1a, 0xf7, 0xb1, 0x60, 0xfb, 0x74, 0x16,
- 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
- 0x2b, 0xed, 0x68, 0x9d, 0x19, 0xd6, 0xb1, 0xb8,
- 0x91, 0xff, 0xea, 0x62, 0xac, 0xe7, 0x49, 0xdd,
- 0xfa, 0x4d, 0xa4, 0x01, 0x3f, 0xea, 0xca, 0xb4,
- 0xb6, 0xdc, 0xd3, 0x04, 0x45, 0x07, 0x74, 0xed,
- 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
- 0xbb, 0x9b, 0x13, 0x31, 0xf4, 0xa9, 0x32, 0x49
- };
-
- unsigned char expect[80] = {
- 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
- 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
- 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
- 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
- 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
- 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
- 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
- 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
- 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
- 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20
- };
-
- unsigned char plain[80] = {};
- int outlen = 0;
- int offset = 0;
-
- ctx = PPP_CIPHER_CTX_new();
- if (ctx) {
-
- if (PPP_CipherInit(ctx, PPP_des_ecb(), key, NULL, 0)) {
-
- if (PPP_CipherUpdate(ctx, plain, &outlen, cipher, sizeof(cipher))) {
-
- offset += outlen;
-
- if (PPP_CipherFinal(ctx, plain+offset, &outlen)) {
-
- if (memcmp(plain, expect, 80) == 0) {
-
- success = 1;
- }
- }
- }
- }
- PPP_CIPHER_CTX_free(ctx);
- }
-
- return success;
-}
-
-int main(int argc, char *argv[])
-{
- int failure = 0;
-
- if (!PPP_crypto_init()) {
- printf("Couldn't initialize crypto test\n");
- return -1;
- }
-
- if (!test_md4()) {
- printf("MD4 test failed\n");
- failure++;
- }
-
- if (!test_md5()) {
- printf("MD5 test failed\n");
- failure++;
- }
-
- if (!test_sha()) {
- printf("SHA test failed\n");
- failure++;
- }
-
- if (!test_des_encrypt()) {
- printf("DES encryption test failed\n");
- failure++;
- }
-
- if (!test_des_decrypt()) {
- printf("DES decryption test failed\n");
- failure++;
- }
-
- if (!PPP_crypto_deinit()) {
- printf("Couldn't deinitialize crypto test\n");
- return -1;
- }
-
- return failure;
-}
-
-#endif
+++ /dev/null
-/* ppp-crypto.h - Generic API for access to crypto/digest functions.
- *
- * Copyright (c) 2022 Eivind Næss. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef PPP_CRYPTO_H
-#define PPP_CRYPTO_H
-
-#ifndef MD5_DIGEST_LENGTH
-#define MD5_DIGEST_LENGTH 16
-#endif
-
-#ifndef MD4_DIGEST_LENGTH
-#define MD4_DIGEST_LENGTH 16
-#endif
-
-#ifndef SHA_DIGEST_LENGTH
-#define SHA_DIGEST_LENGTH 20
-#endif
-
-struct _PPP_MD_CTX;
-struct _PPP_MD;
-
-typedef struct _PPP_MD_CTX PPP_MD_CTX;
-typedef struct _PPP_MD PPP_MD;
-
-
-PPP_MD_CTX *PPP_MD_CTX_new();
-void PPP_MD_CTX_free(PPP_MD_CTX*);
-
-
-const PPP_MD *PPP_md4(void);
-const PPP_MD *PPP_md5(void);
-const PPP_MD *PPP_sha1(void);
-
-
-int PPP_DigestInit(PPP_MD_CTX *ctx,
- const PPP_MD *type);
-int PPP_DigestUpdate(PPP_MD_CTX *ctx,
- const void *data, size_t cnt);
-int PPP_DigestFinal(PPP_MD_CTX *ctx,
- unsigned char *out, unsigned int *outlen);
-
-
-struct _PPP_CIPHER_CTX;
-struct _PPP_CIPHER;
-
-typedef struct _PPP_CIPHER_CTX PPP_CIPHER_CTX;
-typedef struct _PPP_CIPHER PPP_CIPHER;
-
-
-PPP_CIPHER_CTX *PPP_CIPHER_CTX_new(void);
-void PPP_CIPHER_CTX_free(PPP_CIPHER_CTX *ctx);
-
-const PPP_CIPHER *PPP_des_ecb(void);
-
-void PPP_CIPHER_CTX_set_cipher_data(PPP_CIPHER_CTX *ctx,
- const unsigned char *key);
-
-int PPP_CipherInit(PPP_CIPHER_CTX *ctx,
- const PPP_CIPHER *cipher,
- const unsigned char *key,
- const unsigned char *iv,
- int encr);
-
-int PPP_CipherUpdate(PPP_CIPHER_CTX *ctx,
- unsigned char *out, int *outl,
- const unsigned char *in, int inl);
-
-int PPP_CipherFinal(PPP_CIPHER_CTX *ctx,
- unsigned char *out, int *outl);
-
-int PPP_crypto_init();
-int PPP_crypto_deinit();
-
-#endif
#include <stdlib.h>
#include <string.h>
-#include "ppp-crypto-priv.h"
+#include "crypto-priv.h"
#ifdef OPENSSL_HAVE_DES
#include <stdio.h>
#include <stdlib.h>
-#include "ppp-crypto-priv.h"
+#include "crypto-priv.h"
#ifdef OPENSSL_HAVE_MD4
#include <stdlib.h>
#include <string.h>
-#include "ppp-crypto-priv.h"
+#include "crypto-priv.h"
#ifdef OPENSSL_HAVE_MD5
#include <openssl/evp.h>
#include <stdlib.h>
#include <stddef.h>
-#include "ppp-crypto-priv.h"
+#include "crypto-priv.h"
/* #define SHA1HANDSOFF * Copies data before messing with it. */
+++ /dev/null
-/*
- * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1
- *
- * Extracted from chap_ms.c by James Carlson.
- *
- * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Sections of this code holds different copyright information.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <stddef.h>
-
-#include "pppcrypt.h"
-#include "ppp-crypto.h"
-
-
-/*
- * DES_set_odd_parity function are imported from openssl 3.0 project with the
- * follwoing license:
- *
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-typedef unsigned char DES_cblock[8];
-#define DES_KEY_SZ (sizeof(DES_cblock))
-
-static const unsigned char odd_parity[256] = {
- 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
- 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
- 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
- 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
- 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
- 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
- 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110,
- 110,
- 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127,
- 127,
- 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
- 143,
- 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158,
- 158,
- 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174,
- 174,
- 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191,
- 191,
- 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206,
- 206,
- 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223,
- 223,
- 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239,
- 239,
- 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
- 254
-};
-
-static void DES_set_odd_parity(DES_cblock *key)
-{
- unsigned int i;
- for (i = 0; i < DES_KEY_SZ; i++)
- (*key)[i] = odd_parity[(*key)[i]];
-}
-
-static unsigned char
-Get7Bits(const unsigned char *input, int startBit)
-{
- unsigned int word;
-
- word = (unsigned)input[startBit / 8] << 8;
- word |= (unsigned)input[startBit / 8 + 1];
-
- word >>= 15 - (startBit % 8 + 7);
-
- return word & 0xFE;
-}
-
-static void
-MakeKey(const unsigned char *key, unsigned char *des_key)
-{
- /* key IN 56 bit DES key missing parity bits */
- /* des_key OUT 64 bit DES key with parity bits added */
- des_key[0] = Get7Bits(key, 0);
- des_key[1] = Get7Bits(key, 7);
- des_key[2] = Get7Bits(key, 14);
- des_key[3] = Get7Bits(key, 21);
- des_key[4] = Get7Bits(key, 28);
- des_key[5] = Get7Bits(key, 35);
- des_key[6] = Get7Bits(key, 42);
- des_key[7] = Get7Bits(key, 49);
-
- DES_set_odd_parity((DES_cblock *)des_key);
-}
-
-#include <openssl/evp.h>
-
-int
-DesEncrypt(unsigned char *clear, unsigned char *key, unsigned char *cipher)
-{
- int retval = 0;
- unsigned int clen = 0;
- unsigned char des_key[8];
-
- PPP_CIPHER_CTX *ctx = PPP_CIPHER_CTX_new();
- if (ctx) {
-
- MakeKey(key, des_key);
-
- if (PPP_CipherInit(ctx, PPP_des_ecb(), des_key, NULL, 1)) {
-
- if (PPP_CipherUpdate(ctx, cipher, &clen, clear, 8)) {
-
- if (PPP_CipherFinal(ctx, cipher + clen, &clen)) {
-
- retval = 1;
- }
- }
- }
-
- PPP_CIPHER_CTX_free(ctx);
- }
-
- return (retval);
-}
-
-int
-DesDecrypt(unsigned char *cipher, unsigned char *key, unsigned char *clear)
-{
- int retval = 0;
- unsigned int clen = 0;
- unsigned char des_key[8];
-
- PPP_CIPHER_CTX *ctx = PPP_CIPHER_CTX_new();
- if (ctx) {
-
- MakeKey(key, des_key);
-
- if (PPP_CipherInit(ctx, PPP_des_ecb(), des_key, NULL, 0)) {
-
- if (PPP_CipherUpdate(ctx, clear, &clen, cipher, 8)) {
-
- if (PPP_CipherFinal(ctx, clear + clen, &clen)) {
-
- retval = 1;
- }
- }
- }
-
- PPP_CIPHER_CTX_free(ctx);
- }
-
- return (retval);
-}
-
-#ifdef UNIT_TEST_PPPCRYPT
-
-#include <string.h>
-#include <stdio.h>
-
-/**
- * The test-vectors are taken from RFC2759.
- */
-int test_encrypt()
-{
- unsigned char Challenge[8] = {
- 0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26
- };
-
- unsigned char ZPasswordHash[21] = {
- 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
- 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
- };
-
- unsigned char expected[24] = {
- 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
- 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
- 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
- };
- unsigned char response[24] = {};
- unsigned int retval = 0;
-
- DesEncrypt(Challenge, ZPasswordHash + 0, response + 0);
- DesEncrypt(Challenge, ZPasswordHash + 7, response + 8);
- DesEncrypt(Challenge, ZPasswordHash + 14, response + 16);
-
- return memcmp(response, expected, sizeof(response)) == 0;
-}
-
-int test_decrypt()
-{
- unsigned char Challenge[8] = {
- 0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26
- };
-
- unsigned char ZPasswordHash[21] = {
- 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
- 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
- };
-
- unsigned char Response[24] = {
- 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
- 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
- 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
- };
- unsigned char Output[8];
- unsigned int failure = 0;
-
- if (DesDecrypt(Response + 0, ZPasswordHash + 0, Output)) {
- failure += memcmp(Challenge, Output, sizeof(Challenge));
- }
-
- if (DesDecrypt(Response + 8, ZPasswordHash + 7, Output)) {
- failure += memcmp(Challenge, Output, sizeof(Challenge));
- }
-
- if (DesDecrypt(Response +16, ZPasswordHash +14, Output)) {
- failure += memcmp(Challenge, Output, sizeof(Challenge));
- }
-
- return failure == 0;
-}
-
-int main(int argc, char *argv[])
-{
- int failure = 0;
-
- if (!PPP_crypto_init()) {
- printf("Couldn't initialize crypto test\n");
- return -1;
- }
-
- if (!test_encrypt()) {
- printf("CHAP DES encryption test failed\n");
- failure++;
- }
-
- if (!test_decrypt()) {
- printf("CHAP DES decryption test failed\n");
- failure++;
- }
-
- if (!PPP_crypto_deinit()) {
- printf("Couldn't deinitialize crypto test\n");
- return -1;
- }
-
- return failure;
-}
-
-#endif
+++ /dev/null
-/*
- * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1
- *
- * Extracted from chap_ms.c by James Carlson.
- * Updated to better reflect RFC2759 by Eivind Naess
- *
- * Copyright (c) 2022 Eivind Naess. All rights reserved.
- * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#ifndef PPP_PPPCRYPT_H
-#define PPP_PPPCRYPT_H
-
-#include "pppdconf.h"
-
-/**
- * This is the DES encrypt functions as described by RFC2759.
- *
- * Parameters:
- * unsigned char *clear:
- * A 8 byte input array to be encrypted
- *
- * unsigned char *key:
- * A raw 7-byte array to be expanded to 8 with odd-parity
- *
- * unsigned char *cipher:
- * A 8 byte outut array providing space for the output data
- *
- * DesEncrypt returns 1 on success
- */
-int DesEncrypt(unsigned char *clear, unsigned char *key,
- unsigned char *cipher);
-
-/**
- * This is the DES decrypt functions as described by RFC2759.
- *
- * Parameters:
- * unsigned char *cipher:
- * A 8 byte input array to be decrypted
- *
- * unsigned char *key:
- * A raw 7-byte array to be expanded to a 8-byte key with odd-parity
- *
- * unsigned char *clear:
- * A 8 byte output array providing space for the output data
- *
- * DesDecrypt returns 1 on success
- */
-int DesDecrypt(unsigned char *cipher, unsigned char *key,
- unsigned char *clear);
-
-#endif /* PPP_PPPCRYPT_H */
--- /dev/null
+/*
+ * pppd-private.h - PPP daemon private declarations.
+ *
+ * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name "Carnegie Mellon University" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For permission or any legal
+ * details, please contact
+ * Office of Technology Transfer
+ * Carnegie Mellon University
+ * 5000 Forbes Avenue
+ * Pittsburgh, PA 15213-3890
+ * (412) 268-4387, fax: (412) 268-7395
+ * tech-transfer@andrew.cmu.edu
+ *
+ * 4. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Computing Services
+ * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
+ *
+ * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
+ * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * $Id: pppd.h,v 1.96 2008/06/23 11:47:18 paulus Exp $
+ */
+
+#ifndef PPP_PPPD_PRIVATE_H
+#define PPP_PPPD_PRIVATE_H
+
+#include <stdio.h> /* for FILE */
+#include <stdlib.h> /* for encrypt */
+#include <unistd.h> /* for setkey */
+#if defined(SOL2)
+#include <net/ppp_defs.h>
+#else
+#include <linux/ppp_defs.h>
+#endif
+
+#include "pppd.h"
+
+#ifdef PPP_WITH_IPV6CP
+#include "eui64.h"
+#endif
+
+/*
+ * If PPP_DRV_NAME is not defined, use the default "ppp" as the device name.
+ * Where should PPP_DRV_NAME come from? Do we include it here?
+ */
+#if !defined(PPP_DRV_NAME)
+#define PPP_DRV_NAME "ppp"
+#endif /* !defined(PPP_DRV_NAME) */
+
+
+#ifndef GIDSET_TYPE
+#define GIDSET_TYPE gid_t
+#endif
+
+/* Structure representing a list of permitted IP addresses. */
+struct permitted_ip {
+ int permit; /* 1 = permit, 0 = forbid */
+ u_int32_t base; /* match if (addr & mask) == base */
+ u_int32_t mask; /* base and mask are in network byte order */
+};
+
+struct notifier {
+ struct notifier *next;
+ ppp_notify_fn *func;
+ void *arg;
+};
+
+/*
+ * Global variables.
+ */
+
+extern int hungup; /* Physical layer has disconnected */
+extern int ifunit; /* Interface unit number */
+extern char ifname[]; /* Interface name (IFNAMSIZ) */
+extern char hostname[]; /* Our hostname */
+extern unsigned char outpacket_buf[]; /* Buffer for outgoing packets */
+extern int devfd; /* fd of underlying device */
+extern int fd_ppp; /* fd for talking PPP */
+extern int baud_rate; /* Current link speed in bits/sec */
+extern char *progname; /* Name of this program */
+extern int redirect_stderr;/* Connector's stderr should go to file */
+extern char peer_authname[];/* Authenticated name of peer */
+extern int auth_done[NUM_PPP]; /* Methods actually used for auth */
+extern int privileged; /* We were run by real-uid root */
+extern int need_holdoff; /* Need holdoff period after link terminates */
+extern char **script_env; /* Environment variables for scripts */
+extern int detached; /* Have detached from controlling tty */
+extern GIDSET_TYPE groups[]; /* groups the user is in */
+extern int ngroups; /* How many groups valid in groups */
+extern int link_stats_valid; /* set if link_stats is valid */
+extern int link_stats_print; /* set if link_stats is to be printed on link termination */
+extern int log_to_fd; /* logging to this fd as well as syslog */
+extern bool log_default; /* log_to_fd is default (stdout) */
+extern char *no_ppp_msg; /* message to print if ppp not in kernel */
+extern bool devnam_fixed; /* can no longer change devnam */
+extern int unsuccess; /* # unsuccessful connection attempts */
+extern int do_callback; /* set if we want to do callback next */
+extern int doing_callback; /* set if this is a callback */
+extern int error_count; /* # of times error() has been called */
+extern char ppp_devname[]; /* name of PPP tty (maybe ttypx) */
+extern int fd_devnull; /* fd open to /dev/null */
+
+extern int listen_time; /* time to listen first (ms) */
+extern bool bundle_eof;
+extern bool bundle_terminating;
+
+extern struct notifier *pidchange; /* for notifications of pid changing */
+extern struct notifier *phasechange; /* for notifications of phase changes */
+extern struct notifier *exitnotify; /* for notification that we're exiting */
+extern struct notifier *sigreceived; /* notification of received signal */
+extern struct notifier *ip_up_notifier; /* IPCP has come up */
+extern struct notifier *ip_down_notifier; /* IPCP has gone down */
+extern struct notifier *ipv6_up_notifier; /* IPV6CP has come up */
+extern struct notifier *ipv6_down_notifier; /* IPV6CP has gone down */
+extern struct notifier *auth_up_notifier; /* peer has authenticated */
+extern struct notifier *link_down_notifier; /* link has gone down */
+extern struct notifier *fork_notifier; /* we are a new child process */
+
+
+/* Values for do_callback and doing_callback */
+#define CALLBACK_DIALIN 1 /* we are expecting the call back */
+#define CALLBACK_DIALOUT 2 /* we are dialling out to call back */
+
+/*
+ * Variables set by command-line options.
+ */
+
+extern int debug; /* Debug flag */
+extern int kdebugflag; /* Tell kernel to print debug messages */
+extern int default_device; /* Using /dev/tty or equivalent */
+extern char devnam[]; /* Device name */
+extern char remote_number[MAXNAMELEN]; /* Remote telephone number, if avail. */
+extern int ppp_session_number; /* Session number (eg PPPoE session) */
+extern int crtscts; /* Use hardware flow control */
+extern int stop_bits; /* Number of serial port stop bits */
+extern bool modem; /* Use modem control lines */
+extern int inspeed; /* Input/Output speed requested */
+extern u_int32_t netmask; /* IP netmask to set on interface */
+extern bool lockflag; /* Create lock file to lock the serial dev */
+extern bool nodetach; /* Don't detach from controlling tty */
+#ifdef SYSTEMD
+extern bool up_sdnotify; /* Notify systemd once link is up (implies nodetach) */
+#endif
+extern bool updetach; /* Detach from controlling tty when link up */
+extern bool master_detach; /* Detach when multilink master without link (options.c) */
+extern char *initializer; /* Script to initialize physical link */
+extern char *connect_script; /* Script to establish physical link */
+extern char *disconnect_script; /* Script to disestablish physical link */
+extern char *welcomer; /* Script to welcome client after connection */
+extern char *ptycommand; /* Command to run on other side of pty */
+extern char user[MAXNAMELEN];/* Our name for authenticating ourselves */
+extern char passwd[MAXSECRETLEN]; /* Password for PAP or CHAP */
+extern bool auth_required; /* Peer is required to authenticate */
+extern bool persist; /* Reopen link after it goes down */
+extern bool uselogin; /* Use /etc/passwd for checking PAP */
+extern bool session_mgmt; /* Do session management (login records) */
+extern char our_name[MAXNAMELEN];/* Our name for authentication purposes */
+extern char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
+extern bool explicit_remote;/* remote_name specified with remotename opt */
+extern bool demand; /* Do dial-on-demand */
+extern char *ipparam; /* Extra parameter for ip up/down scripts */
+extern bool cryptpap; /* Others' PAP passwords are encrypted */
+extern int holdoff; /* Dead time before restarting */
+extern bool holdoff_specified; /* true if user gave a holdoff value */
+extern bool notty; /* Stdin/out is not a tty */
+extern char *pty_socket; /* Socket to connect to pty */
+extern char *record_file; /* File to record chars sent/received */
+extern int maxfail; /* Max # of unsuccessful connection attempts */
+extern char linkname[]; /* logical name for link */
+extern bool tune_kernel; /* May alter kernel settings as necessary */
+extern int connect_delay; /* Time to delay after connect script */
+extern int max_data_rate; /* max bytes/sec through charshunt */
+extern int req_unit; /* interface unit number to use */
+extern char path_ipup[]; /* pathname of ip-up script */
+extern char path_ipdown[]; /* pathname of ip-down script */
+extern char req_ifname[]; /* interface name to use (IFNAMSIZ) */
+extern bool multilink; /* enable multilink operation (options.c) */
+extern bool noendpoint; /* don't send or accept endpt. discrim. */
+extern char *bundle_name; /* bundle name for multilink */
+extern bool dump_options; /* print out option values */
+extern bool show_options; /* show all option names and descriptions */
+extern bool dryrun; /* check everything, print options, exit */
+extern int child_wait; /* # seconds to wait for children at end */
+extern char *current_option; /* the name of the option being parsed */
+extern int privileged_option; /* set iff the current option came from root */
+extern char *option_source; /* string saying where the option came from */
+extern int option_priority; /* priority of current options */
+
+#ifdef PPP_WITH_IPV6CP
+extern char path_ipv6up[]; /* pathname of ipv6-up script */
+extern char path_ipv6down[]; /* pathname of ipv6-down script */
+#endif
+
+#if defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP)
+#define TLS_VERIFY_NONE "none"
+#define TLS_VERIFY_NAME "name"
+#define TLS_VERIFY_SUBJECT "subject"
+#define TLS_VERIFY_SUFFIX "suffix"
+
+extern char *crl_dir;
+extern char *crl_file;
+extern char *ca_path;
+extern char *cacert_file;
+
+extern char *max_tls_version;
+extern bool tls_verify_key_usage;
+extern char *tls_verify_method;
+#endif /* PPP_WITH_EAPTLS || PPP_WITH_PEAP */
+
+#ifdef PPP_WITH_EAPTLS
+extern char *pkcs12_file;
+#endif /* PPP_WITH_EAPTLS */
+
+typedef enum {
+ PPP_OCTETS_DIRECTION_SUM,
+ PPP_OCTETS_DIRECTION_IN,
+ PPP_OCTETS_DIRECTION_OUT,
+ PPP_OCTETS_DIRECTION_MAXOVERAL,
+ PPP_OCTETS_DIRECTION_MAXSESSION /* Same as MAXOVERALL, but a little different for RADIUS */
+} session_limit_dir_t;
+
+extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */
+extern session_limit_dir_t maxoctets_dir; /* Direction */
+extern int maxoctets_timeout; /* Timeout for check of octets limit */
+
+#ifdef PPP_WITH_FILTER
+extern struct bpf_program pass_filter; /* Filter for pkts to pass */
+extern struct bpf_program active_filter; /* Filter for link-active pkts */
+#endif
+
+#ifdef PPP_WITH_MSLANMAN
+extern bool ms_lanman; /* Use LanMan password instead of NT */
+ /* Has meaning only with MS-CHAP challenges */
+#endif
+
+/* Values for auth_pending, auth_done */
+#define PAP_WITHPEER 0x1
+#define PAP_PEER 0x2
+#define CHAP_WITHPEER 0x4
+#define CHAP_PEER 0x8
+#define EAP_WITHPEER 0x10
+#define EAP_PEER 0x20
+
+/* Values for auth_done only */
+#define CHAP_MD5_WITHPEER 0x40
+#define CHAP_MD5_PEER 0x80
+#define CHAP_MS_SHIFT 8 /* LSB position for MS auths */
+#define CHAP_MS_WITHPEER 0x100
+#define CHAP_MS_PEER 0x200
+#define CHAP_MS2_WITHPEER 0x400
+#define CHAP_MS2_PEER 0x800
+
+
+/*
+ * This structure contains environment variables that are set or unset
+ * by the user.
+ */
+struct userenv {
+ struct userenv *ue_next;
+ char *ue_value; /* value (set only) */
+ bool ue_isset; /* 1 for set, 0 for unset */
+ bool ue_priv; /* from privileged source */
+ const char *ue_source; /* source name */
+ char ue_name[1]; /* variable name */
+};
+
+extern struct userenv *userenv_list;
+
+/*
+ * Prototypes.
+ */
+
+/* Procedures exported from main.c. */
+void set_ifunit(int); /* set stuff that depends on ifunit */
+void detach(void); /* Detach from controlling tty */
+void die(int); /* Cleanup and exit */
+void quit(void); /* like die(1) */
+
+void record_child(int, char *, void (*) (void *), void *, int);
+int device_script(char *cmd, int in, int out, int dont_wait);
+ /* Run `cmd' with given stdin and stdout */
+pid_t run_program(char *prog, char * const * args, int must_exist,
+ void (*done)(void *), void *arg, int wait);
+ /* Run program prog with args in child */
+void reopen_log(void); /* (re)open the connection to syslog */
+void print_link_stats(void); /* Print stats, if available */
+void reset_link_stats(int); /* Reset (init) stats when link goes up */
+void new_phase(ppp_phase_t); /* signal start of new phase */
+bool in_phase(ppp_phase_t);
+void notify(struct notifier *, int);
+int ppp_send_config(int, int, u_int32_t, int, int);
+int ppp_recv_config(int, int, u_int32_t, int, int);
+const char *protocol_name(int);
+void remove_pidfiles(void);
+void lock_db(void);
+void unlock_db(void);
+
+/* Procedures exported from tty.c. */
+void tty_init(void);
+
+void print_string(char *, int, printer_func, void *);
+ /* Format a string for output */
+ssize_t complete_read(int, void *, size_t);
+ /* read a complete buffer */
+
+/* Procedures exported from auth.c */
+void link_required(int); /* we are starting to use the link */
+void start_link(int); /* bring the link up now */
+void link_terminated(int); /* we are finished with the link */
+void link_down(int); /* the LCP layer has left the Opened state */
+void upper_layers_down(int);/* take all NCPs down */
+void link_established(int); /* the link is up; authenticate now */
+void start_networks(int); /* start all the network control protos */
+void continue_networks(int); /* start network [ip, etc] control protos */
+void np_up(int, int); /* a network protocol has come up */
+void np_down(int, int); /* a network protocol has gone down */
+void np_finished(int, int); /* a network protocol no longer needs link */
+void auth_peer_fail(int, int);
+ /* peer failed to authenticate itself */
+void auth_peer_success(int, int, int, char *, int);
+ /* peer successfully authenticated itself */
+void auth_withpeer_fail(int, int);
+ /* we failed to authenticate ourselves */
+void auth_withpeer_success(int, int, int);
+ /* we successfully authenticated ourselves */
+void auth_check_options(void);
+ /* check authentication options supplied */
+void auth_reset(int); /* check what secrets we have */
+int check_passwd(int, char *, int, char *, int, char **);
+ /* Check peer-supplied username/password */
+int get_secret(int, char *, char *, char *, int *, int);
+ /* get "secret" for chap */
+int get_srp_secret(int unit, char *client, char *server, char *secret,
+ int am_server);
+int auth_ip_addr(int, u_int32_t);
+ /* check if IP address is authorized */
+int auth_number(void); /* check if remote number is authorized */
+
+/* Procedures exported from demand.c */
+void demand_conf(void); /* config interface(s) for demand-dial */
+void demand_block(void); /* set all NPs to queue up packets */
+void demand_unblock(void); /* set all NPs to pass packets */
+void demand_discard(void); /* set all NPs to discard packets */
+void demand_rexmit(int); /* retransmit saved frames for an NP */
+int loop_chars(unsigned char *, int); /* process chars from loopback */
+int loop_frame(unsigned char *, int); /* should we bring link up? */
+
+/* Procedures exported from sys-*.c */
+void sys_init(void); /* Do system-dependent initialization */
+void sys_cleanup(void); /* Restore system state before exiting */
+int sys_check_options(void); /* Check options specified */
+int get_pty(int *, int *, char *, int); /* Get pty master/slave */
+int open_ppp_loopback(void); /* Open loopback for demand-dialling */
+int tty_establish_ppp(int); /* Turn serial port into a ppp interface */
+void tty_disestablish_ppp(int); /* Restore port to normal operation */
+void make_new_bundle(int, int, int, int); /* Create new bundle */
+int bundle_attach(int); /* Attach link to existing bundle */
+void cfg_bundle(int, int, int, int); /* Configure existing bundle */
+void destroy_bundle(void); /* Tell driver to destroy bundle */
+void clean_check(void); /* Check if line was 8-bit clean */
+void set_up_tty(int, int); /* Set up port's speed, parameters, etc. */
+void restore_tty(int); /* Restore port's original parameters */
+void setdtr(int, int); /* Raise or lower port's DTR line */
+void output(int, unsigned char *, int); /* Output a PPP packet */
+void wait_input(struct timeval *);
+ /* Wait for input, with timeout */
+void add_fd(int); /* Add fd to set to wait for */
+void remove_fd(int); /* Remove fd from set to wait for */
+int read_packet(unsigned char *); /* Read PPP packet */
+int get_loop_output(void); /* Read pkts from loopback */
+void tty_send_config(int, u_int32_t, int, int);
+ /* Configure i/f transmit parameters */
+void tty_set_xaccm(ext_accm);
+ /* Set extended transmit ACCM */
+void tty_recv_config(int, u_int32_t, int, int);
+ /* Configure i/f receive parameters */
+int ccp_test(int, unsigned char *, int, int);
+ /* Test support for compression scheme */
+void ccp_flags_set(int, int, int);
+ /* Set kernel CCP state */
+int ccp_fatal_error(int); /* Test for fatal decomp error in kernel */
+int get_idle_time(int, struct ppp_idle *);
+ /* Find out how long link has been idle */
+int get_ppp_stats(int, struct pppd_stats *);
+ /* Return link statistics */
+int sifvjcomp(int, int, int, int);
+ /* Configure VJ TCP header compression */
+int sifup(int); /* Configure i/f up for one protocol */
+int sifnpmode(int u, int proto, enum NPmode mode);
+ /* Set mode for handling packets for proto */
+int sifdown(int); /* Configure i/f down for one protocol */
+int sifaddr(int, u_int32_t, u_int32_t, u_int32_t);
+ /* Configure IPv4 addresses for i/f */
+int cifaddr(int, u_int32_t, u_int32_t);
+ /* Reset i/f IP addresses */
+#ifdef PPP_WITH_IPV6CP
+int sif6up(int); /* Configure i/f up for IPv6 */
+int sif6down(int); /* Configure i/f down for IPv6 */
+int sif6addr(int, eui64_t, eui64_t);
+ /* Configure IPv6 addresses for i/f */
+int cif6addr(int, eui64_t, eui64_t);
+ /* Remove an IPv6 address from i/f */
+#endif
+int sifdefaultroute(int, u_int32_t, u_int32_t, bool replace_default_rt);
+ /* Create default route through i/f */
+int cifdefaultroute(int, u_int32_t, u_int32_t);
+ /* Delete default route through i/f */
+#ifdef PPP_WITH_IPV6CP
+int sif6defaultroute(int, eui64_t, eui64_t);
+ /* Create default IPv6 route through i/f */
+int cif6defaultroute(int, eui64_t, eui64_t);
+ /* Delete default IPv6 route through i/f */
+#endif
+int sifproxyarp(int, u_int32_t);
+ /* Add proxy ARP entry for peer */
+int cifproxyarp(int, u_int32_t);
+ /* Delete proxy ARP entry for peer */
+u_int32_t GetMask(u_int32_t); /* Get appropriate netmask for address */
+int lock(char *); /* Create lock file for device */
+int relock(int); /* Rewrite lock file with new pid */
+void unlock(void); /* Delete previously-created lock file */
+void logwtmp(const char *, const char *, const char *);
+ /* Write entry to wtmp file */
+int get_host_seed(void); /* Get host-dependent random number seed */
+int have_route_to(u_int32_t); /* Check if route to addr exists */
+#ifdef PPP_WITH_FILTER
+int set_filters(struct bpf_program *pass, struct bpf_program *active);
+ /* Set filter programs in kernel */
+#endif
+int get_if_hwaddr(unsigned char *addr, char *name);
+int get_first_ether_hwaddr(unsigned char *addr);
+
+/* Procedures exported from options.c */
+int setipaddr(char *, char **, int); /* Set local/remote ip addresses */
+int parse_args(int argc, char **argv);
+ /* Parse options from arguments given */
+int getword(FILE *f, char *word, int *newlinep, char *filename);
+ /* Read a word from a file */
+int options_from_user(void); /* Parse options from user's .ppprc */
+int options_for_tty(void); /* Parse options from /etc/ppp/options.tty */
+struct wordlist;
+int options_from_list(struct wordlist *, int privileged);
+ /* Parse options from a wordlist */
+void check_options(void); /* check values after all options parsed */
+int override_value(char *, int, const char *);
+ /* override value if permitted by priority */
+void print_options(printer_func, void *);
+ /* print out values of all options */
+void showopts(void);
+ /* show all option names and description */
+int parse_dotted_ip(char *, u_int32_t *);
+
+/*
+ * Inline versions of get/put char/short/long.
+ * Pointer is advanced; we assume that both arguments
+ * are lvalues and will already be in registers.
+ * cp MUST be unsigned char *.
+ */
+#define GETCHAR(c, cp) { \
+ (c) = *(cp)++; \
+}
+#define PUTCHAR(c, cp) { \
+ *(cp)++ = (unsigned char) (c); \
+}
+
+
+#define GETSHORT(s, cp) { \
+ (s) = *(cp)++ << 8; \
+ (s) |= *(cp)++; \
+}
+#define PUTSHORT(s, cp) { \
+ *(cp)++ = (unsigned char) ((s) >> 8); \
+ *(cp)++ = (unsigned char) (s); \
+}
+
+#define GETLONG(l, cp) { \
+ (l) = *(cp)++ << 8; \
+ (l) |= *(cp)++; (l) <<= 8; \
+ (l) |= *(cp)++; (l) <<= 8; \
+ (l) |= *(cp)++; \
+}
+#define PUTLONG(l, cp) { \
+ *(cp)++ = (unsigned char) ((l) >> 24); \
+ *(cp)++ = (unsigned char) ((l) >> 16); \
+ *(cp)++ = (unsigned char) ((l) >> 8); \
+ *(cp)++ = (unsigned char) (l); \
+}
+
+#define INCPTR(n, cp) ((cp) += (n))
+#define DECPTR(n, cp) ((cp) -= (n))
+
+/*
+ * System dependent definitions for user-level 4.3BSD UNIX implementation.
+ */
+
+#define TIMEOUT(r, f, t) ppp_timeout((r), (f), (t), 0)
+#define UNTIMEOUT(r, f) ppp_untimeout((r), (f))
+
+#define BCOPY(s, d, l) memcpy(d, s, l)
+#define BZERO(s, n) memset(s, 0, n)
+#define BCMP(s1, s2, l) memcmp(s1, s2, l)
+
+#define PRINTMSG(m, l) { info("Remote message: %0.*v", l, m); }
+
+/*
+ * MAKEHEADER - Add Header fields to a packet.
+ */
+#define MAKEHEADER(p, t) { \
+ PUTCHAR(PPP_ALLSTATIONS, p); \
+ PUTCHAR(PPP_UI, p); \
+ PUTSHORT(t, p); }
+
+/*
+ * Debug macros. Slightly useful for finding bugs in pppd, not particularly
+ * useful for finding out why your connection isn't being established.
+ */
+#ifdef DEBUGALL
+#define DEBUGMAIN 1
+#define DEBUGFSM 1
+#define DEBUGLCP 1
+#define DEBUGIPCP 1
+#define DEBUGIPV6CP 1
+#define DEBUGUPAP 1
+#define DEBUGCHAP 1
+#endif
+
+#ifndef LOG_PPP /* we use LOG_LOCAL2 for syslog by default */
+#if defined(DEBUGMAIN) || defined(DEBUGFSM) || defined(DEBUGSYS) \
+ || defined(DEBUGLCP) || defined(DEBUGIPCP) || defined(DEBUGUPAP) \
+ || defined(DEBUGCHAP) || defined(DEBUG) || defined(DEBUGIPV6CP)
+#define LOG_PPP LOG_LOCAL2
+#else
+#define LOG_PPP LOG_DAEMON
+#endif
+#endif /* LOG_PPP */
+
+#ifdef DEBUGMAIN
+#define MAINDEBUG(x) if (debug) dbglog x
+#else
+#define MAINDEBUG(x)
+#endif
+
+#ifdef DEBUGSYS
+#define SYSDEBUG(x) if (debug) dbglog x
+#else
+#define SYSDEBUG(x)
+#endif
+
+#ifdef DEBUGFSM
+#define FSMDEBUG(x) if (debug) dbglog x
+#else
+#define FSMDEBUG(x)
+#endif
+
+#ifdef DEBUGLCP
+#define LCPDEBUG(x) if (debug) dbglog x
+#else
+#define LCPDEBUG(x)
+#endif
+
+#ifdef DEBUGIPCP
+#define IPCPDEBUG(x) if (debug) dbglog x
+#else
+#define IPCPDEBUG(x)
+#endif
+
+#ifdef DEBUGIPV6CP
+#define IPV6CPDEBUG(x) if (debug) dbglog x
+#else
+#define IPV6CPDEBUG(x)
+#endif
+
+#ifdef DEBUGUPAP
+#define UPAPDEBUG(x) if (debug) dbglog x
+#else
+#define UPAPDEBUG(x)
+#endif
+
+#ifdef DEBUGCHAP
+#define CHAPDEBUG(x) if (debug) dbglog x
+#else
+#define CHAPDEBUG(x)
+#endif
+
+#ifndef SIGTYPE
+#if defined(sun) || defined(SYSV) || defined(POSIX_SOURCE)
+#define SIGTYPE void
+#else
+#define SIGTYPE int
+#endif /* defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) */
+#endif /* SIGTYPE */
+
+#ifndef MIN
+#define MIN(a, b) ((a) < (b)? (a): (b))
+#endif
+#ifndef MAX
+#define MAX(a, b) ((a) > (b)? (a): (b))
+#endif
+
+#ifndef offsetof
+#define offsetof(type, member) ((size_t) &((type *)0)->member)
+#endif
+
+#endif
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Id: pppd.h,v 1.96 2008/06/23 11:47:18 paulus Exp $
*/
#ifndef PPP_PPPD_H
#define PPP_PPPD_H
-#include "pppdconf.h"
-
-#include <stdio.h> /* for FILE */
-#include <stdlib.h> /* for encrypt */
-#include <unistd.h> /* for setkey */
+#ifdef HAVE_STDARG_H
#include <stdarg.h>
-#include <stdint.h>
-#include <sys/types.h> /* for u_int32_t, if defined */
-#if defined(SOL2)
-#include <net/ppp_defs.h>
-#else
-#include <linux/ppp_defs.h>
#endif
-#ifdef PPP_WITH_IPV6CP
-#if defined(SOL2)
-#include <netinet/in.h>
-
-typedef union {
- uint8_t e8[8]; /* lower 64-bit IPv6 address */
- uint32_t e32[2]; /* lower 64-bit IPv6 address */
-} eui64_t;
-
-/*
- * Declare the two below, since in.h only defines them when _KERNEL
- * is declared - which shouldn't be true when dealing with user-land programs
- */
-#define s6_addr8 _S6_un._S6_u8
-#define s6_addr32 _S6_un._S6_u32
+#ifdef HAVE_STDBOOL_H
+#include <stdbool.h>
+#endif
-#else /* else if not defined(SOL2) */
+#ifdef HAVE_STDDEF_H
+#include <stddef.h>
+#endif
-/*
- * TODO:
- *
- * Maybe this should be done by processing struct in6_addr directly...
- */
-typedef union
-{
- u_int8_t e8[8];
- u_int16_t e16[4];
- u_int32_t e32[2];
-} eui64_t;
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
-#endif /* defined(SOL2) */
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
#endif
+#include "pppdconf.h"
+
/*
- * Limits.
+ * Limits
*/
-
#define NUM_PPP 1 /* One PPP interface supported (per process) */
#define MAXWORDLEN 1024 /* max length of word in file (incl null) */
#define MAXARGS 1 /* max # args to a command */
#define MAXNAMELEN 256 /* max length of hostname or name for auth */
#define MAXSECRETLEN 256 /* max length of password or secret */
+
/*
- * If PPP_DRV_NAME is not defined, use the default "ppp" as the device name.
- * Where should PPP_DRV_NAME come from? Do we include it here?
+ * Values for phase.
*/
-#if !defined(PPP_DRV_NAME)
-#define PPP_DRV_NAME "ppp"
-#endif /* !defined(PPP_DRV_NAME) */
+typedef enum ppp_phase
+{
+ PHASE_DEAD,
+ PHASE_INITIALIZE,
+ PHASE_SERIALCONN,
+ PHASE_DORMANT,
+ PHASE_ESTABLISH,
+ PHASE_AUTHENTICATE,
+ PHASE_CALLBACK,
+ PHASE_NETWORK,
+ PHASE_RUNNING,
+ PHASE_TERMINATE,
+ PHASE_DISCONNECT,
+ PHASE_HOLDOFF,
+ PHASE_MASTER,
+} ppp_phase_t;
/*
- * Option descriptor structure.
+ * Values for exit codes
*/
+typedef enum ppp_exit_code
+{
+ EXIT_OK = 0,
+ EXIT_FATAL_ERROR = 1,
+ EXIT_OPTION_ERROR = 2,
+ EXIT_NOT_ROOT = 3,
+ EXIT_NO_KERNEL_SUPPORT = 4,
+ EXIT_USER_REQUEST = 5,
+ EXIT_LOCK_FAILED = 6,
+ EXIT_OPEN_FAILED = 7,
+ EXIT_CONNECT_FAILED = 8,
+ EXIT_PTYCMD_FAILED = 9,
+ EXIT_NEGOTIATION_FAILED = 10,
+ EXIT_PEER_AUTH_FAILED = 11,
+ EXIT_IDLE_TIMEOUT = 12,
+ EXIT_CONNECT_TIME = 13,
+ EXIT_CALLBACK = 14,
+ EXIT_PEER_DEAD = 15,
+ EXIT_HANGUP = 16,
+ EXIT_LOOPBACK = 17,
+ EXIT_INIT_FAILED = 18,
+ EXIT_AUTH_TOPEER_FAILED = 19,
+ EXIT_TRAFFIC_LIMIT = 20,
+ EXIT_CNID_AUTH_FAILED = 21
+} ppp_exit_code_t;
-typedef unsigned char bool;
-
-enum opt_type {
- o_special_noarg = 0,
- o_special = 1,
- o_bool,
- o_int,
- o_uint32,
- o_string,
- o_wild
-};
-
-typedef struct {
- char *name; /* name of the option */
- enum opt_type type;
- void *addr;
- char *description;
- unsigned int flags;
- void *addr2;
- int upper_limit;
- int lower_limit;
- const char *source;
- short int priority;
- short int winner;
-} option_t;
-
-/* Values for flags */
-#define OPT_VALUE 0xff /* mask for presupplied value */
-#define OPT_HEX 0x100 /* int option is in hex */
-#define OPT_NOARG 0x200 /* option doesn't take argument */
-#define OPT_OR 0x400 /* for u32, OR in argument to value */
-#define OPT_INC 0x400 /* for o_int, increment value */
-#define OPT_A2OR 0x800 /* for o_bool, OR arg to *(u_char *)addr2 */
-#define OPT_PRIV 0x1000 /* privileged option */
-#define OPT_STATIC 0x2000 /* string option goes into static array */
-#define OPT_NOINCR 0x2000 /* for o_int, value mustn't be increased */
-#define OPT_LLIMIT 0x4000 /* check value against lower limit */
-#define OPT_ULIMIT 0x8000 /* check value against upper limit */
-#define OPT_LIMITS (OPT_LLIMIT|OPT_ULIMIT)
-#define OPT_ZEROOK 0x10000 /* 0 value is OK even if not within limits */
-#define OPT_HIDE 0x10000 /* for o_string, print value as ?????? */
-#define OPT_A2LIST 0x20000 /* for o_special, keep list of values */
-#define OPT_A2CLRB 0x20000 /* o_bool, clr val bits in *(u_char *)addr2 */
-#define OPT_ZEROINF 0x40000 /* with OPT_NOINCR, 0 == infinity */
-#define OPT_PRIO 0x80000 /* process option priorities for this option */
-#define OPT_PRIOSUB 0x100000 /* subsidiary member of priority group */
-#define OPT_ALIAS 0x200000 /* option is alias for previous option */
-#define OPT_A2COPY 0x400000 /* addr2 -> second location to rcv value */
-#define OPT_ENABLE 0x800000 /* use *addr2 as enable for option */
-#define OPT_A2CLR 0x1000000 /* clear *(bool *)addr2 */
-#define OPT_PRIVFIX 0x2000000 /* user can't override if set by root */
-#define OPT_INITONLY 0x4000000 /* option can only be set in init phase */
-#define OPT_DEVEQUIV 0x8000000 /* equiv to device name */
-#define OPT_DEVNAM (OPT_INITONLY | OPT_DEVEQUIV)
-#define OPT_A2PRINTER 0x10000000 /* *addr2 printer_func to print option */
-#define OPT_A2STRVAL 0x20000000 /* *addr2 points to current string value */
-#define OPT_NOPRINT 0x40000000 /* don't print this option at all */
-
-#define OPT_VAL(x) ((x) & OPT_VALUE)
-
-/* Values for priority */
-#define OPRIO_DEFAULT 0 /* a default value */
-#define OPRIO_CFGFILE 1 /* value from a configuration file */
-#define OPRIO_CMDLINE 2 /* value from the command line */
-#define OPRIO_SECFILE 3 /* value from options in a secrets file */
-#define OPRIO_ROOT 100 /* added to priority if OPT_PRIVFIX && root */
-
-#ifndef GIDSET_TYPE
-#define GIDSET_TYPE gid_t
-#endif
-
-/* Structure representing a list of permitted IP addresses. */
-struct permitted_ip {
- int permit; /* 1 = permit, 0 = forbid */
- u_int32_t base; /* match if (addr & mask) == base */
- u_int32_t mask; /* base and mask are in network byte order */
-};
+/*
+ * Type of notifier callbacks
+ */
+typedef enum
+{
+ NF_PID_CHANGE,
+ NF_PHASE_CHANGE,
+ NF_EXIT,
+ NF_SIGNALED,
+ NF_IP_UP,
+ NF_IP_DOWN,
+ NF_IPV6_UP,
+ NF_IPV6_DOWN,
+ NF_AUTH_UP,
+ NF_LINK_DOWN,
+ NF_FORK,
+ NF_MAX_NOTIFY
+} ppp_notify_t;
+
+typedef enum
+{
+ PPP_DIR_LOG,
+ PPP_DIR_RUNTIME,
+ PPP_DIR_CONF,
+ PPP_DIR_PLUGIN,
+} ppp_path_t;
/*
* Unfortunately, the linux kernel driver uses a different structure
* This structure serves as a common representation for the bits
* pppd needs.
*/
-struct pppd_stats {
+struct pppd_stats
+{
uint64_t bytes_in;
uint64_t bytes_out;
unsigned int pkts_in;
unsigned int pkts_out;
};
+typedef struct pppd_stats ppp_link_stats_st;
-/* Used for storing a sequence of words. Usually malloced. */
+/*
+ * Used for storing a sequence of words. Usually malloced.
+ */
struct wordlist {
struct wordlist *next;
char *word;
};
-/* An endpoint discriminator, used with multilink. */
-#define MAX_ENDP_LEN 20 /* maximum length of discriminator value */
-struct epdisc {
- unsigned char class;
- unsigned char length;
- unsigned char value[MAX_ENDP_LEN];
-};
-
-/* values for epdisc.class */
-#define EPD_NULL 0 /* null discriminator, no data */
-#define EPD_LOCAL 1
-#define EPD_IP 2
-#define EPD_MAC 3
-#define EPD_MAGIC 4
-#define EPD_PHONENUM 5
-
-typedef void (*notify_func)(void *, int);
+struct option;
typedef void (*printer_func)(void *, char *, ...);
-struct notifier {
- struct notifier *next;
- notify_func func;
- void *arg;
-};
-
-/*
- * Global variables.
- */
-
-extern int got_sigterm; /* SIGINT or SIGTERM was received */
-extern int hungup; /* Physical layer has disconnected */
-extern int ifunit; /* Interface unit number */
-extern char ifname[]; /* Interface name (IFNAMSIZ) */
-extern char hostname[]; /* Our hostname */
-extern u_char outpacket_buf[]; /* Buffer for outgoing packets */
-extern int devfd; /* fd of underlying device */
-extern int fd_ppp; /* fd for talking PPP */
-extern int phase; /* Current state of link - see values below */
-extern int baud_rate; /* Current link speed in bits/sec */
-extern char *progname; /* Name of this program */
-extern int redirect_stderr;/* Connector's stderr should go to file */
-extern char peer_authname[];/* Authenticated name of peer */
-extern int auth_done[NUM_PPP]; /* Methods actually used for auth */
-extern int privileged; /* We were run by real-uid root */
-extern int need_holdoff; /* Need holdoff period after link terminates */
-extern char **script_env; /* Environment variables for scripts */
-extern int detached; /* Have detached from controlling tty */
-extern GIDSET_TYPE groups[]; /* groups the user is in */
-extern int ngroups; /* How many groups valid in groups */
-extern struct pppd_stats link_stats; /* byte/packet counts etc. for link */
-extern int link_stats_valid; /* set if link_stats is valid */
-extern unsigned link_connect_time; /* time the link was up for */
-extern int using_pty; /* using pty as device (notty or pty opt.) */
-extern int log_to_fd; /* logging to this fd as well as syslog */
-extern bool log_default; /* log_to_fd is default (stdout) */
-extern char *no_ppp_msg; /* message to print if ppp not in kernel */
-extern volatile int status; /* exit status for pppd */
-extern bool devnam_fixed; /* can no longer change devnam */
-extern int unsuccess; /* # unsuccessful connection attempts */
-extern int do_callback; /* set if we want to do callback next */
-extern int doing_callback; /* set if this is a callback */
-extern int error_count; /* # of times error() has been called */
-extern char ppp_devnam[]; /* name of PPP tty (maybe ttypx) */
-extern char remote_number[MAXNAMELEN]; /* Remote telephone number, if avail. */
-extern int ppp_session_number; /* Session number (eg PPPoE session) */
-extern int fd_devnull; /* fd open to /dev/null */
-
-extern int listen_time; /* time to listen first (ms) */
-extern bool doing_multilink;
-extern bool multilink_master;
-extern bool bundle_eof;
-extern bool bundle_terminating;
-
-extern struct notifier *pidchange; /* for notifications of pid changing */
-extern struct notifier *phasechange; /* for notifications of phase changes */
-extern struct notifier *exitnotify; /* for notification that we're exiting */
-extern struct notifier *sigreceived; /* notification of received signal */
-extern struct notifier *ip_up_notifier; /* IPCP has come up */
-extern struct notifier *ip_down_notifier; /* IPCP has gone down */
-extern struct notifier *ipv6_up_notifier; /* IPV6CP has come up */
-extern struct notifier *ipv6_down_notifier; /* IPV6CP has gone down */
-extern struct notifier *auth_up_notifier; /* peer has authenticated */
-extern struct notifier *link_down_notifier; /* link has gone down */
-extern struct notifier *fork_notifier; /* we are a new child process */
-
-/* Values for do_callback and doing_callback */
-#define CALLBACK_DIALIN 1 /* we are expecting the call back */
-#define CALLBACK_DIALOUT 2 /* we are dialling out to call back */
-
-/*
- * Variables set by command-line options.
- */
-
-extern int debug; /* Debug flag */
-extern int kdebugflag; /* Tell kernel to print debug messages */
-extern int default_device; /* Using /dev/tty or equivalent */
-extern char devnam[]; /* Device name */
-extern int crtscts; /* Use hardware flow control */
-extern int stop_bits; /* Number of serial port stop bits */
-extern bool modem; /* Use modem control lines */
-extern int inspeed; /* Input/Output speed requested */
-extern u_int32_t netmask; /* IP netmask to set on interface */
-extern bool lockflag; /* Create lock file to lock the serial dev */
-extern bool nodetach; /* Don't detach from controlling tty */
-#ifdef SYSTEMD
-extern bool up_sdnotify; /* Notify systemd once link is up (implies nodetach) */
-#endif
-extern bool updetach; /* Detach from controlling tty when link up */
-extern bool master_detach; /* Detach when multilink master without link */
-extern char *initializer; /* Script to initialize physical link */
-extern char *connect_script; /* Script to establish physical link */
-extern char *disconnect_script; /* Script to disestablish physical link */
-extern char *welcomer; /* Script to welcome client after connection */
-extern char *ptycommand; /* Command to run on other side of pty */
-extern int maxconnect; /* Maximum connect time (seconds) */
-extern char user[MAXNAMELEN];/* Our name for authenticating ourselves */
-extern char passwd[MAXSECRETLEN]; /* Password for PAP or CHAP */
-extern bool auth_required; /* Peer is required to authenticate */
-extern bool persist; /* Reopen link after it goes down */
-extern bool uselogin; /* Use /etc/passwd for checking PAP */
-extern bool session_mgmt; /* Do session management (login records) */
-extern char our_name[MAXNAMELEN];/* Our name for authentication purposes */
-extern char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
-extern bool explicit_remote;/* remote_name specified with remotename opt */
-extern bool demand; /* Do dial-on-demand */
-extern char *ipparam; /* Extra parameter for ip up/down scripts */
-extern bool cryptpap; /* Others' PAP passwords are encrypted */
-extern int idle_time_limit;/* Shut down link if idle for this long */
-extern int holdoff; /* Dead time before restarting */
-extern bool holdoff_specified; /* true if user gave a holdoff value */
-extern bool notty; /* Stdin/out is not a tty */
-extern char *pty_socket; /* Socket to connect to pty */
-extern char *record_file; /* File to record chars sent/received */
-extern bool sync_serial; /* Device is synchronous serial device */
-extern int maxfail; /* Max # of unsuccessful connection attempts */
-extern char linkname[]; /* logical name for link */
-extern bool tune_kernel; /* May alter kernel settings as necessary */
-extern int connect_delay; /* Time to delay after connect script */
-extern int max_data_rate; /* max bytes/sec through charshunt */
-extern int req_unit; /* interface unit number to use */
-extern char path_ipup[]; /* pathname of ip-up script */
-extern char path_ipdown[]; /* pathname of ip-down script */
-extern char req_ifname[]; /* interface name to use (IFNAMSIZ) */
-extern bool multilink; /* enable multilink operation */
-extern bool noendpoint; /* don't send or accept endpt. discrim. */
-extern char *bundle_name; /* bundle name for multilink */
-extern bool dump_options; /* print out option values */
-extern bool show_options; /* show all option names and descriptions */
-extern bool dryrun; /* check everything, print options, exit */
-extern int child_wait; /* # seconds to wait for children at end */
-
-#ifdef PPP_WITH_IPV6CP
-extern char path_ipv6up[]; /* pathname of ipv6-up script */
-extern char path_ipv6down[]; /* pathname of ipv6-down script */
-#endif
-
-#if defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP)
-#define TLS_VERIFY_NONE "none"
-#define TLS_VERIFY_NAME "name"
-#define TLS_VERIFY_SUBJECT "subject"
-#define TLS_VERIFY_SUFFIX "suffix"
-
-extern char *crl_dir;
-extern char *crl_file;
-extern char *ca_path;
-extern char *cacert_file;
-
-extern char *max_tls_version;
-extern bool tls_verify_key_usage;
-extern char *tls_verify_method;
-#endif /* PPP_WITH_EAPTLS || PPP_WITH_PEAP */
-
-#ifdef PPP_WITH_EAPTLS
-extern char *pkcs12_file;
-#endif /* PPP_WITH_EAPTLS */
-
-extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */
-extern int maxoctets_dir; /* Direction :
- 0 - in+out (default)
- 1 - in
- 2 - out
- 3 - max(in,out) */
-extern int maxoctets_timeout; /* Timeout for check of octets limit */
-#define PPP_OCTETS_DIRECTION_SUM 0
-#define PPP_OCTETS_DIRECTION_IN 1
-#define PPP_OCTETS_DIRECTION_OUT 2
-#define PPP_OCTETS_DIRECTION_MAXOVERAL 3
-/* same as previos, but little different on RADIUS side */
-#define PPP_OCTETS_DIRECTION_MAXSESSION 4
-
-#ifdef PPP_WITH_FILTER
-extern struct bpf_program pass_filter; /* Filter for pkts to pass */
-extern struct bpf_program active_filter; /* Filter for link-active pkts */
-#endif
-
-#ifdef PPP_WITH_MSLANMAN
-extern bool ms_lanman; /* Use LanMan password instead of NT */
- /* Has meaning only with MS-CHAP challenges */
-#endif
-
-/* Values for auth_pending, auth_done */
-#define PAP_WITHPEER 0x1
-#define PAP_PEER 0x2
-#define CHAP_WITHPEER 0x4
-#define CHAP_PEER 0x8
-#define EAP_WITHPEER 0x10
-#define EAP_PEER 0x20
-
-/* Values for auth_done only */
-#define CHAP_MD5_WITHPEER 0x40
-#define CHAP_MD5_PEER 0x80
-#define CHAP_MS_SHIFT 8 /* LSB position for MS auths */
-#define CHAP_MS_WITHPEER 0x100
-#define CHAP_MS_PEER 0x200
-#define CHAP_MS2_WITHPEER 0x400
-#define CHAP_MS2_PEER 0x800
-
-extern char *current_option; /* the name of the option being parsed */
-extern int privileged_option; /* set iff the current option came from root */
-extern char *option_source; /* string saying where the option came from */
-extern int option_priority; /* priority of current options */
-
/*
- * Values for phase.
- */
-#define PHASE_DEAD 0
-#define PHASE_INITIALIZE 1
-#define PHASE_SERIALCONN 2
-#define PHASE_DORMANT 3
-#define PHASE_ESTABLISH 4
-#define PHASE_AUTHENTICATE 5
-#define PHASE_CALLBACK 6
-#define PHASE_NETWORK 7
-#define PHASE_RUNNING 8
-#define PHASE_TERMINATE 9
-#define PHASE_DISCONNECT 10
-#define PHASE_HOLDOFF 11
-#define PHASE_MASTER 12
-
-/*
- * The following struct gives the addresses of procedures to call
- * for a particular protocol.
+ * The following struct gives the addresses of procedures to call for a particular protocol.
*/
struct protent {
- u_short protocol; /* PPP protocol number */
+ /* PPP protocol number */
+ unsigned short protocol;
/* Initialization procedure */
void (*init)(int unit);
/* Process a received packet */
- void (*input)(int unit, u_char *pkt, int len);
+ void (*input)(int unit, unsigned char *pkt, int len);
/* Process a received protocol-reject */
void (*protrej)(int unit);
/* Lower layer has come up */
/* Close the protocol */
void (*close)(int unit, char *reason);
/* Print a packet in readable form */
- int (*printpkt)(u_char *pkt, int len, printer_func printer, void *arg);
+ int (*printpkt)(unsigned char *pkt, int len, printer_func printer, void *arg);
/* Process a received data packet */
- void (*datainput)(int unit, u_char *pkt, int len);
- bool enabled_flag; /* 0 iff protocol is disabled */
- char *name; /* Text name of protocol */
- char *data_name; /* Text name of corresponding data protocol */
- option_t *options; /* List of command-line options */
+ void (*datainput)(int unit, unsigned char *pkt, int len);
+ /* 0 iff protocol is disabled */
+ bool enabled_flag;
+ /* Text name of protocol */
+ char *name;
+ /* Text name of corresponding data protocol */
+ char *data_name;
+ /* List of command-line options */
+ struct option *options;
/* Check requested options, assign defaults */
void (*check_options)(void);
/* Configure interface for demand-dial */
int (*demand_conf)(int unit);
/* Say whether to bring up link for this pkt */
- int (*active_pkt)(u_char *pkt, int len);
+ int (*active_pkt)(unsigned char *pkt, int len);
};
/* Table of pointers to supported protocols */
extern struct protent *protocols[];
+
/*
- * This struct contains pointers to a set of procedures for
- * doing operations on a "channel". A channel provides a way
- * to send and receive PPP packets - the canonical example is
- * a serial port device in PPP line discipline (or equivalently
- * with PPP STREAMS modules pushed onto it).
+ * This struct contains pointers to a set of procedures for doing operations on a "channel".
+ * A channel provides a way to send and receive PPP packets - the canonical example is a serial
+ * port device in PPP line discipline (or equivalently with PPP STREAMS modules pushed onto it).
*/
struct channel {
/* set of options for this channel */
- option_t *options;
+ struct option *options;
/* find and process a per-channel options file */
void (*process_extra_options)(void);
/* check all the options that have been given */
/* take the channel out of PPP `mode', restore loopback if demand */
void (*disestablish_ppp)(int);
/* set the transmit-side PPP parameters of the channel */
- void (*send_config)(int, u_int32_t, int, int);
+ void (*send_config)(int, uint32_t, int, int);
/* set the receive-side PPP parameters of the channel */
- void (*recv_config)(int, u_int32_t, int, int);
+ void (*recv_config)(int, uint32_t, int, int);
/* cleanup on error or normal exit */
void (*cleanup)(void);
/* close the device, called in children after fork */
extern struct channel *the_channel;
+
/*
- * This structure contains environment variables that are set or unset
- * by the user.
+ * Functions for string formatting and debugging
*/
-struct userenv {
- struct userenv *ue_next;
- char *ue_value; /* value (set only) */
- bool ue_isset; /* 1 for set, 0 for unset */
- bool ue_priv; /* from privileged source */
- const char *ue_source; /* source name */
- char ue_name[1]; /* variable name */
-};
-extern struct userenv *userenv_list;
-
-/*
- * Prototypes.
- */
-
-/* Procedures exported from main.c. */
-void set_ifunit(int); /* set stuff that depends on ifunit */
-void detach(void); /* Detach from controlling tty */
-void die(int); /* Cleanup and exit */
-void quit(void); /* like die(1) */
-void novm(char *); /* Say we ran out of memory, and die */
-void timeout(void (*func)(void *), void *arg, int s, int us);
- /* Call func(arg) after s.us seconds */
-void untimeout(void (*func)(void *), void *arg);
- /* Cancel call to func(arg) */
-void record_child(int, char *, void (*) (void *), void *, int);
-pid_t safe_fork(int, int, int); /* Fork & close stuff in child */
-int device_script(char *cmd, int in, int out, int dont_wait);
- /* Run `cmd' with given stdin and stdout */
-pid_t run_program(char *prog, char **args, int must_exist,
- void (*done)(void *), void *arg, int wait);
- /* Run program prog with args in child */
-void reopen_log(void); /* (re)open the connection to syslog */
-void print_link_stats(void); /* Print stats, if available */
-void reset_link_stats(int); /* Reset (init) stats when link goes up */
-void update_link_stats(int); /* Get stats at link termination */
-void script_setenv(char *, char *, int); /* set script env var */
-void script_unsetenv(char *); /* unset script env var */
-void new_phase(int); /* signal start of new phase */
-void add_notifier(struct notifier **, notify_func, void *);
-void remove_notifier(struct notifier **, notify_func, void *);
-void notify(struct notifier *, int);
-int ppp_send_config(int, int, u_int32_t, int, int);
-int ppp_recv_config(int, int, u_int32_t, int, int);
-const char *protocol_name(int);
-void remove_pidfiles(void);
-void lock_db(void);
-void unlock_db(void);
-
-/* Procedures exported from tty.c. */
-void tty_init(void);
-
-/* Procedures exported from utils.c. */
-void log_packet(u_char *, int, char *, int);
- /* Format a packet and log it with syslog */
-void print_string(char *, int, printer_func, void *);
- /* Format a string for output */
-int slprintf(char *, int, char *, ...); /* sprintf++ */
-int vslprintf(char *, int, char *, va_list); /* vsprintf++ */
-size_t strlcpy(char *, const char *, size_t); /* safe strcpy */
-size_t strlcat(char *, const char *, size_t); /* safe strncpy */
-void dbglog(char *, ...); /* log a debug message */
-void info(char *, ...); /* log an informational message */
-void notice(char *, ...); /* log a notice-level message */
-void warn(char *, ...); /* log a warning message */
-void error(char *, ...); /* log an error message */
-void fatal(char *, ...); /* log an error message and die(1) */
-void init_pr_log(const char *, int); /* initialize for using pr_log */
-void pr_log(void *, char *, ...); /* printer fn, output to syslog */
-void end_pr_log(void); /* finish up after using pr_log */
-void dump_packet(const char *, u_char *, int);
- /* dump packet to debug log if interesting */
-ssize_t complete_read(int, void *, size_t);
- /* read a complete buffer */
-
-/* Procedures exported from auth.c */
-void link_required(int); /* we are starting to use the link */
-void start_link(int); /* bring the link up now */
-void link_terminated(int); /* we are finished with the link */
-void link_down(int); /* the LCP layer has left the Opened state */
-void upper_layers_down(int);/* take all NCPs down */
-void link_established(int); /* the link is up; authenticate now */
-void start_networks(int); /* start all the network control protos */
-void continue_networks(int); /* start network [ip, etc] control protos */
-void np_up(int, int); /* a network protocol has come up */
-void np_down(int, int); /* a network protocol has gone down */
-void np_finished(int, int); /* a network protocol no longer needs link */
-void auth_peer_fail(int, int);
- /* peer failed to authenticate itself */
-void auth_peer_success(int, int, int, char *, int);
- /* peer successfully authenticated itself */
-void auth_withpeer_fail(int, int);
- /* we failed to authenticate ourselves */
-void auth_withpeer_success(int, int, int);
- /* we successfully authenticated ourselves */
-void auth_check_options(void);
- /* check authentication options supplied */
-void auth_reset(int); /* check what secrets we have */
-int check_passwd(int, char *, int, char *, int, char **);
- /* Check peer-supplied username/password */
-int get_secret(int, char *, char *, char *, int *, int);
- /* get "secret" for chap */
-int get_srp_secret(int unit, char *client, char *server, char *secret,
- int am_server);
-int auth_ip_addr(int, u_int32_t);
- /* check if IP address is authorized */
-int auth_number(void); /* check if remote number is authorized */
-int bad_ip_adrs(u_int32_t);
- /* check if IP address is unreasonable */
-
-/* Procedures exported from demand.c */
-void demand_conf(void); /* config interface(s) for demand-dial */
-void demand_block(void); /* set all NPs to queue up packets */
-void demand_unblock(void); /* set all NPs to pass packets */
-void demand_discard(void); /* set all NPs to discard packets */
-void demand_rexmit(int); /* retransmit saved frames for an NP */
-int loop_chars(unsigned char *, int); /* process chars from loopback */
-int loop_frame(unsigned char *, int); /* should we bring link up? */
-
-/* Procedures exported from multilink.c */
-#ifdef PPP_WITH_MULTILINK
-void mp_check_options(void); /* Check multilink-related options */
-int mp_join_bundle(void); /* join our link to an appropriate bundle */
-void mp_exit_bundle(void); /* have disconnected our link from bundle */
-void mp_bundle_terminated(void);
-char *epdisc_to_str(struct epdisc *); /* string from endpoint discrim. */
-int str_to_epdisc(struct epdisc *, char *); /* endpt disc. from str */
-#else
-#define mp_bundle_terminated() /* nothing */
-#define mp_exit_bundle() /* nothing */
-#define doing_multilink 0
-#define multilink_master 0
-#endif
+/* Is debug enabled */
+bool debug_on();
-/* Procedures exported from sys-*.c */
-void sys_init(void); /* Do system-dependent initialization */
-void sys_cleanup(void); /* Restore system state before exiting */
-int sys_check_options(void); /* Check options specified */
-void sys_close(void); /* Clean up in a child before execing */
-int ppp_available(void); /* Test whether ppp kernel support exists */
-int get_pty(int *, int *, char *, int); /* Get pty master/slave */
-int open_ppp_loopback(void); /* Open loopback for demand-dialling */
-int tty_establish_ppp(int); /* Turn serial port into a ppp interface */
-void tty_disestablish_ppp(int); /* Restore port to normal operation */
-void generic_disestablish_ppp(int dev_fd); /* Restore device setting */
-int generic_establish_ppp(int dev_fd); /* Make a ppp interface */
-void make_new_bundle(int, int, int, int); /* Create new bundle */
-int bundle_attach(int); /* Attach link to existing bundle */
-void cfg_bundle(int, int, int, int); /* Configure existing bundle */
-void destroy_bundle(void); /* Tell driver to destroy bundle */
-void clean_check(void); /* Check if line was 8-bit clean */
-void set_up_tty(int, int); /* Set up port's speed, parameters, etc. */
-void restore_tty(int); /* Restore port's original parameters */
-void setdtr(int, int); /* Raise or lower port's DTR line */
-void output(int, u_char *, int); /* Output a PPP packet */
-void wait_input(struct timeval *);
- /* Wait for input, with timeout */
-void add_fd(int); /* Add fd to set to wait for */
-void remove_fd(int); /* Remove fd from set to wait for */
-int read_packet(u_char *); /* Read PPP packet */
-int get_loop_output(void); /* Read pkts from loopback */
-void tty_send_config(int, u_int32_t, int, int);
- /* Configure i/f transmit parameters */
-void tty_set_xaccm(ext_accm);
- /* Set extended transmit ACCM */
-void tty_recv_config(int, u_int32_t, int, int);
- /* Configure i/f receive parameters */
-int ccp_test(int, u_char *, int, int);
- /* Test support for compression scheme */
-void ccp_flags_set(int, int, int);
- /* Set kernel CCP state */
-int ccp_fatal_error(int); /* Test for fatal decomp error in kernel */
-int get_idle_time(int, struct ppp_idle *);
- /* Find out how long link has been idle */
-int get_ppp_stats(int, struct pppd_stats *);
- /* Return link statistics */
-void netif_set_mtu(int, int); /* Set PPP interface MTU */
-int netif_get_mtu(int); /* Get PPP interface MTU */
-int sifvjcomp(int, int, int, int);
- /* Configure VJ TCP header compression */
-int sifup(int); /* Configure i/f up for one protocol */
-int sifnpmode(int u, int proto, enum NPmode mode);
- /* Set mode for handling packets for proto */
-int sifdown(int); /* Configure i/f down for one protocol */
-int sifaddr(int, u_int32_t, u_int32_t, u_int32_t);
- /* Configure IPv4 addresses for i/f */
-int cifaddr(int, u_int32_t, u_int32_t);
- /* Reset i/f IP addresses */
-#ifdef PPP_WITH_IPV6CP
-int sif6up(int); /* Configure i/f up for IPv6 */
-int sif6down(int); /* Configure i/f down for IPv6 */
-int sif6addr(int, eui64_t, eui64_t);
- /* Configure IPv6 addresses for i/f */
-int cif6addr(int, eui64_t, eui64_t);
- /* Remove an IPv6 address from i/f */
-#endif
-int sifdefaultroute(int, u_int32_t, u_int32_t, bool replace_default_rt);
- /* Create default route through i/f */
-int cifdefaultroute(int, u_int32_t, u_int32_t);
- /* Delete default route through i/f */
-#ifdef PPP_WITH_IPV6CP
-int sif6defaultroute(int, eui64_t, eui64_t);
- /* Create default IPv6 route through i/f */
-int cif6defaultroute(int, eui64_t, eui64_t);
- /* Delete default IPv6 route through i/f */
-#endif
-int sifproxyarp(int, u_int32_t);
- /* Add proxy ARP entry for peer */
-int cifproxyarp(int, u_int32_t);
- /* Delete proxy ARP entry for peer */
-u_int32_t GetMask(u_int32_t); /* Get appropriate netmask for address */
-int lock(char *); /* Create lock file for device */
-int relock(int); /* Rewrite lock file with new pid */
-void unlock(void); /* Delete previously-created lock file */
-void logwtmp(const char *, const char *, const char *);
- /* Write entry to wtmp file */
-int get_host_seed(void); /* Get host-dependent random number seed */
-int have_route_to(u_int32_t); /* Check if route to addr exists */
-#ifdef PPP_WITH_FILTER
-int set_filters(struct bpf_program *pass, struct bpf_program *active);
- /* Set filter programs in kernel */
-#endif
-int get_if_hwaddr(u_char *addr, char *name);
-int get_first_ether_hwaddr(u_char *addr);
-int get_time(struct timeval *);
- /* Get current time, monotonic if possible. */
-
-/* Procedures exported from options.c */
-int setipaddr(char *, char **, int); /* Set local/remote ip addresses */
-int parse_args(int argc, char **argv);
- /* Parse options from arguments given */
-int options_from_file(char *filename, int must_exist, int check_prot,
- int privileged);
- /* Parse options from an options file */
-int options_from_user(void); /* Parse options from user's .ppprc */
-int options_for_tty(void); /* Parse options from /etc/ppp/options.tty */
-int options_from_list(struct wordlist *, int privileged);
- /* Parse options from a wordlist */
-int getword(FILE *f, char *word, int *newlinep, char *filename);
- /* Read a word from a file */
-void option_error(char *fmt, ...);
- /* Print an error message about an option */
-int int_option(char *, int *);
- /* Simplified number_option for decimal ints */
-void add_options(option_t *); /* Add extra options */
-void check_options(void); /* check values after all options parsed */
-int override_value(char *, int, const char *);
- /* override value if permitted by priority */
-void print_options(printer_func, void *);
- /* print out values of all options */
-void showopts(void);
- /* show all option names and description */
-int parse_dotted_ip(char *, u_int32_t *);
-
-/*
- * Hooks to enable plugins to change various things.
+/* Safe sprintf++ */
+int slprintf(char *, int, char *, ...);
+
+/* vsprintf++ */
+int vslprintf(char *, int, char *, va_list);
+
+/* safe strcpy */
+size_t strlcpy(char *, const char *, size_t);
+
+/* safe strncpy */
+size_t strlcat(char *, const char *, size_t);
+
+/* log a debug message */
+void dbglog(char *, ...);
+
+/* log an informational message */
+void info(char *, ...);
+
+/* log a notice-level message */
+void notice(char *, ...);
+
+/* log a warning message */
+void warn(char *, ...);
+
+/* log an error message */
+void error(char *, ...);
+
+/* log an error message and die(1) */
+void fatal(char *, ...);
+
+/* Say we ran out of memory, and die */
+void novm(char *);
+
+/* Format a packet and log it with syslog */
+void log_packet(unsigned char *, int, char *, int);
+
+/* dump packet to debug log if interesting */
+void dump_packet(const char *, unsigned char *, int);
+
+/* initialize for using pr_log */
+void init_pr_log(const char *, int);
+
+/* printer fn, output to syslog */
+void pr_log(void *, char *, ...);
+
+/* finish up after using pr_log */
+void end_pr_log(void);
+
+/*
+ * Get the current exist status of pppd
*/
-extern int (*new_phase_hook)(int);
-extern int (*idle_time_hook)(struct ppp_idle *);
-extern int (*holdoff_hook)(void);
-extern int (*pap_check_hook)(void);
-extern int (*pap_auth_hook)(char *user, char *passwd, char **msgp,
- struct wordlist **paddrs,
- struct wordlist **popts);
-extern void (*pap_logout_hook)(void);
-extern int (*pap_passwd_hook)(char *user, char *passwd);
-extern int (*allowed_address_hook)(u_int32_t addr);
-extern void (*ip_up_hook)(void);
-extern void (*ip_down_hook)(void);
-extern void (*ip_choose_hook)(u_int32_t *);
-extern void (*ipv6_up_hook)(void);
-extern void (*ipv6_down_hook)(void);
-
-extern int (*chap_check_hook)(void);
-extern int (*chap_passwd_hook)(char *user, char *passwd);
-extern void (*multilink_join_hook)(void);
-
-#ifdef PPP_WITH_EAPTLS
-extern int (*eaptls_passwd_hook)(char *user, char *passwd);
-#endif
+ppp_exit_code_t ppp_status();
-/* Let a plugin snoop sent and received packets. Useful for L2TP */
-extern void (*snoop_recv_hook)(unsigned char *p, int len);
-extern void (*snoop_send_hook)(unsigned char *p, int len);
+/*
+ * Set the exit status
+ */
+void ppp_set_status(ppp_exit_code_t code);
/*
- * Inline versions of get/put char/short/long.
- * Pointer is advanced; we assume that both arguments
- * are lvalues and will already be in registers.
- * cp MUST be u_char *.
- */
-#define GETCHAR(c, cp) { \
- (c) = *(cp)++; \
-}
-#define PUTCHAR(c, cp) { \
- *(cp)++ = (u_char) (c); \
-}
-
-
-#define GETSHORT(s, cp) { \
- (s) = *(cp)++ << 8; \
- (s) |= *(cp)++; \
-}
-#define PUTSHORT(s, cp) { \
- *(cp)++ = (u_char) ((s) >> 8); \
- *(cp)++ = (u_char) (s); \
-}
-
-#define GETLONG(l, cp) { \
- (l) = *(cp)++ << 8; \
- (l) |= *(cp)++; (l) <<= 8; \
- (l) |= *(cp)++; (l) <<= 8; \
- (l) |= *(cp)++; \
-}
-#define PUTLONG(l, cp) { \
- *(cp)++ = (u_char) ((l) >> 24); \
- *(cp)++ = (u_char) ((l) >> 16); \
- *(cp)++ = (u_char) ((l) >> 8); \
- *(cp)++ = (u_char) (l); \
-}
-
-#define INCPTR(n, cp) ((cp) += (n))
-#define DECPTR(n, cp) ((cp) -= (n))
-
-/*
- * System dependent definitions for user-level 4.3BSD UNIX implementation.
- */
-
-#define TIMEOUT(r, f, t) timeout((r), (f), (t), 0)
-#define UNTIMEOUT(r, f) untimeout((r), (f))
-
-#define BCOPY(s, d, l) memcpy(d, s, l)
-#define BZERO(s, n) memset(s, 0, n)
-#define BCMP(s1, s2, l) memcmp(s1, s2, l)
-
-#define PRINTMSG(m, l) { info("Remote message: %0.*v", l, m); }
-
-/*
- * MAKEHEADER - Add Header fields to a packet.
- */
-#define MAKEHEADER(p, t) { \
- PUTCHAR(PPP_ALLSTATIONS, p); \
- PUTCHAR(PPP_UI, p); \
- PUTSHORT(t, p); }
-
-/*
- * Exit status values.
- */
-#define EXIT_OK 0
-#define EXIT_FATAL_ERROR 1
-#define EXIT_OPTION_ERROR 2
-#define EXIT_NOT_ROOT 3
-#define EXIT_NO_KERNEL_SUPPORT 4
-#define EXIT_USER_REQUEST 5
-#define EXIT_LOCK_FAILED 6
-#define EXIT_OPEN_FAILED 7
-#define EXIT_CONNECT_FAILED 8
-#define EXIT_PTYCMD_FAILED 9
-#define EXIT_NEGOTIATION_FAILED 10
-#define EXIT_PEER_AUTH_FAILED 11
-#define EXIT_IDLE_TIMEOUT 12
-#define EXIT_CONNECT_TIME 13
-#define EXIT_CALLBACK 14
-#define EXIT_PEER_DEAD 15
-#define EXIT_HANGUP 16
-#define EXIT_LOOPBACK 17
-#define EXIT_INIT_FAILED 18
-#define EXIT_AUTH_TOPEER_FAILED 19
-#define EXIT_TRAFFIC_LIMIT 20
-#define EXIT_CNID_AUTH_FAILED 21
-
-/*
- * Debug macros. Slightly useful for finding bugs in pppd, not particularly
- * useful for finding out why your connection isn't being established.
- */
-#ifdef DEBUGALL
-#define DEBUGMAIN 1
-#define DEBUGFSM 1
-#define DEBUGLCP 1
-#define DEBUGIPCP 1
-#define DEBUGIPV6CP 1
-#define DEBUGUPAP 1
-#define DEBUGCHAP 1
-#endif
+ * Configure the session's maximum number of octets
+ */
+void ppp_set_session_limit(unsigned int octets);
-#ifndef LOG_PPP /* we use LOG_LOCAL2 for syslog by default */
-#if defined(DEBUGMAIN) || defined(DEBUGFSM) || defined(DEBUGSYS) \
- || defined(DEBUGLCP) || defined(DEBUGIPCP) || defined(DEBUGUPAP) \
- || defined(DEBUGCHAP) || defined(DEBUG) || defined(DEBUGIPV6CP)
-#define LOG_PPP LOG_LOCAL2
-#else
-#define LOG_PPP LOG_DAEMON
-#endif
-#endif /* LOG_PPP */
+/*
+ * Which direction to limit the number of octets
+ */
+void ppp_set_session_limit_dir(unsigned int direction);
-#ifdef DEBUGMAIN
-#define MAINDEBUG(x) if (debug) dbglog x
-#else
-#define MAINDEBUG(x)
-#endif
+/*
+ * Get the current link stats, returns true when valid and false if otherwise
+ */
+bool ppp_get_link_stats(ppp_link_stats_st *stats);
-#ifdef DEBUGSYS
-#define SYSDEBUG(x) if (debug) dbglog x
-#else
-#define SYSDEBUG(x)
-#endif
+/*
+ * Get pppd's notion of time
+ */
+int ppp_get_time(struct timeval *);
-#ifdef DEBUGFSM
-#define FSMDEBUG(x) if (debug) dbglog x
-#else
-#define FSMDEBUG(x)
-#endif
+/*
+ * Schedule a callback in s.us seconds from now
+ */
+typedef void (*ppp_timer_cb)(void *arg);
+void ppp_timeout(ppp_timer_cb func, void *arg, int s, int us);
-#ifdef DEBUGLCP
-#define LCPDEBUG(x) if (debug) dbglog x
-#else
-#define LCPDEBUG(x)
-#endif
+/*
+ * Cancel any pending timer callbacks
+ */
+void ppp_untimeout(void (*func)(void *), void *arg);
-#ifdef DEBUGIPCP
-#define IPCPDEBUG(x) if (debug) dbglog x
-#else
-#define IPCPDEBUG(x)
-#endif
+/*
+ * Clean up in a child before execing
+ */
+void ppp_sys_close(void);
-#ifdef DEBUGIPV6CP
-#define IPV6CPDEBUG(x) if (debug) dbglog x
-#else
-#define IPV6CPDEBUG(x)
-#endif
+/*
+ * Fork & close stuff in child
+ */
+pid_t ppp_safe_fork(int, int, int);
-#ifdef DEBUGUPAP
-#define UPAPDEBUG(x) if (debug) dbglog x
-#else
-#define UPAPDEBUG(x)
-#endif
+/*
+ * Get the current hostname
+ */
+const char *ppp_hostname();
-#ifdef DEBUGCHAP
-#define CHAPDEBUG(x) if (debug) dbglog x
-#else
-#define CHAPDEBUG(x)
-#endif
+/*
+ * Is pppd using pty as a device (opposed to notty or pty opt).
+ */
+bool ppp_using_pty();
-#ifndef SIGTYPE
-#if defined(sun) || defined(SYSV) || defined(POSIX_SOURCE)
-#define SIGTYPE void
-#else
-#define SIGTYPE int
-#endif /* defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) */
-#endif /* SIGTYPE */
+/*
+ * Device is synchronous serial device
+ */
+bool ppp_sync_serial();
-#ifndef MIN
-#define MIN(a, b) ((a) < (b)? (a): (b))
-#endif
-#ifndef MAX
-#define MAX(a, b) ((a) > (b)? (a): (b))
-#endif
+/*
+ * Modem mode
+ */
+bool ppp_get_modem();
-#ifndef offsetof
-#define offsetof(type, member) ((size_t) &((type *)0)->member)
-#endif
+/*
+ * Control the mode of the tty terminal
+ */
+void ppp_set_modem(bool on);
+
+/*
+ * Set the current session number, e.g. for PPPoE
+ */
+void ppp_set_session_number(int number);
+
+/*
+ * Set the current session number, e.g. for PPPoE
+ */
+int ppp_get_session_number(void);
+
+/*
+ * Check if pppd got signaled, returns 0 if not signaled, returns -1 on failure, and the signal number when signaled.
+ */
+bool ppp_signaled(int sig);
+
+/*
+ * Maximum connect time in seconds
+ */
+int ppp_get_max_connect_time(void);
+
+/*
+ * Set the maximum connect time in seconds
+ */
+void ppp_set_max_connect_time(unsigned int max);
+
+/*
+ * Get the link idle time before shutting the link down
+ */
+int ppp_get_max_idle_time(void);
+
+/*
+ * Set the link idle time before shutting the link down
+ */
+void ppp_set_max_idle_time(unsigned int idle);
+
+/*
+ * Get the duration the link was up (uptime)
+ */
+int ppp_get_link_uptime();
+
+/*
+ * Get the ipparam configured with pppd
+ */
+const char *ppp_ipparam();
+
+/*
+ * check if IP address is unreasonable
+ */
+bool ppp_bad_ip_addr(uint32_t);
+
+/*
+ * Expose an environment variable to scripts
+ */
+void ppp_script_setenv(char *, char *, int);
+
+/*
+ * Unexpose an environment variable to scripts
+ */
+void ppp_script_unsetenv(char *);
+
+/*
+ * Test whether ppp kernel support exists
+ */
+int ppp_check_kernel_support(void);
+
+/*
+ * Restore device setting
+ */
+void ppp_generic_disestablish(int dev_fd);
+
+/*
+ * Set the interface MTU
+ */
+void ppp_set_mtu(int, int);
+
+/*
+ * Get the interface MTU
+ */
+int ppp_get_mtu(int);
+
+/*
+ * Make a ppp interface
+ */
+int ppp_generic_establish(int dev_fd);
+
+/*
+ * Get the peer's authentication name
+ */
+const char *ppp_peer_authname(char *buf, size_t bufsz);
+
+/*
+ * Get the remote name
+ */
+const char *ppp_remote_name();
+
+/*
+ * Get the remote number (if set), otherwise return NULL
+ */
+const char *ppp_get_remote_number(void);
+
+/*
+ * Set the remote number, typically it's a MAC address
+ */
+void ppp_set_remote_number(const char *buf);
+
+/*
+ * Get the current interface unit for the pppX device
+ */
+int ppp_ifunit();
+
+/*
+ * Get the current interface name
+ */
+const char *ppp_ifname();
+
+/*
+ * Get the current interface name
+ */
+int ppp_get_ifname(char *buf, size_t bufsz);
+
+/*
+ * Set the current interface name, ifname is a \0 terminated string
+ */
+void ppp_set_ifname(const char *ifname);
+
+/*
+ * Set the original devnam (prior to any renaming, etc).
+ */
+int ppp_set_pppdevnam(const char *name);
+
+/*
+ * Get the original devnam (prior to any renaming, etc).
+ */
+const char *ppp_pppdevnam();
+
+/*
+ * Get the current devnam, e.g. /dev/ttyS0, /dev/ptmx
+ */
+const char *ppp_devnam();
+
+/*
+ * Set the device name
+ */
+int ppp_set_devnam(const char *name);
+
+/*
+ * Definition for the notify callback function
+ * ctx - contextual argument provided with the registration
+ * arg - anything passed by the notification, e.g. phase, pid, etc
+ */
+typedef void (ppp_notify_fn)(void *ctx, int arg);
+
+/*
+ * Add a callback notification for when a given event has occured
+ */
+void ppp_add_notify(ppp_notify_t type, ppp_notify_fn *func, void *ctx);
+
+/*
+ * Remove a callback notification previously registered
+ */
+void ppp_del_notify(ppp_notify_t type, ppp_notify_fn *func, void *ctx);
+
+/*
+ * Get the path prefix in which a file is installed
+ */
+int ppp_get_path(ppp_path_t type, char *buf, size_t bufsz);
+
+/*
+ * Get the file with path prefix
+ */
+int ppp_get_filepath(ppp_path_t type, const char *name, char *buf, size_t bufsz);
+
+/*
+ * Check if pppd is to re-open link after it goes down
+ */
+bool ppp_persist();
+
+/*
+ * Hooks to enable plugins to hook into various parts of the code
+ */
+
+struct ppp_idle; /* Declared in <linux/ppp_defs.h> */
+extern int (*idle_time_hook)(struct ppp_idle *);
+extern int (*new_phase_hook)(int);
+extern int (*holdoff_hook)(void);
+extern int (*allowed_address_hook)(uint32_t addr);
+extern void (*snoop_recv_hook)(unsigned char *p, int len);
+extern void (*snoop_send_hook)(unsigned char *p, int len);
#endif /* PPP_PPPD_H */
#include <utmp.h>
#include <fcntl.h>
#include <unistd.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "session.h"
#ifdef PPP_WITH_PAM
#define IFLA_PPP_DEV_FD 1
#endif
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "ipcp.h"
#include "eui64.h"
#endif /* PPP_WITH_IPV6CP */
+#include "multilink.h"
+
#ifdef PPP_WITH_FILTER
#include <pcap-bpf.h>
#include <linux/filter.h>
/********************************************************************
*
- * sys_close - Clean up in a child process before execing.
+ * ppp_sys_close - Clean up in a child process before execing.
*/
void
-sys_close(void)
+ppp_sys_close(void)
{
if (new_style_driver && ppp_dev_fd >= 0)
close(ppp_dev_fd);
#ifndef N_SYNC_PPP
#define N_SYNC_PPP 14
#endif
- ppp_disc = (new_style_driver && sync_serial)? N_SYNC_PPP: N_PPP;
+ ppp_disc = (new_style_driver && ppp_sync_serial())? N_SYNC_PPP: N_PPP;
if (ioctl(tty_fd, TIOCSETD, &ppp_disc) < 0) {
if ( ! ok_error (errno) ) {
error("Couldn't set tty to PPP discipline: %m");
}
}
- ret_fd = generic_establish_ppp(tty_fd);
+ ret_fd = ppp_generic_establish(tty_fd);
#define SC_RCVB (SC_RCV_B7_0 | SC_RCV_B7_1 | SC_RCV_EVNP | SC_RCV_ODDP)
#define SC_LOGB (SC_DEBUG | SC_LOG_INPKT | SC_LOG_OUTPKT | SC_LOG_RAWIN \
*
* generic_establish_ppp - Turn the fd into a ppp interface.
*/
-int generic_establish_ppp (int fd)
+int ppp_generic_establish (int fd)
{
int x;
flushfailed:
initfdflags = -1;
- generic_disestablish_ppp(tty_fd);
+ ppp_generic_disestablish(tty_fd);
}
/********************************************************************
*
- * generic_disestablish_ppp - Restore device components to normal
+ * ppp_generic_disestablish - Restore device components to normal
* operation, and reconnect the ppp unit to the loopback if in demand
* mode. This shouldn't call die() because it's called from die().
*/
-void generic_disestablish_ppp(int dev_fd)
+void ppp_generic_disestablish(int dev_fd)
{
if (new_style_driver) {
close(ppp_fd);
if (demand) {
modify_flags(ppp_dev_fd, 0, SC_LOOP_TRAFFIC);
looped = 1;
- } else if (!doing_multilink && ppp_dev_fd >= 0) {
+ } else if (!mp_on() && ppp_dev_fd >= 0) {
close(ppp_dev_fd);
remove_fd(ppp_dev_fd);
ppp_dev_fd = -1;
error("read /dev/ppp: %m");
if (nr < 0 && errno == ENXIO)
nr = 0;
- if (nr == 0 && doing_multilink) {
+ if (nr == 0 && mp_on()) {
remove_fd(ppp_dev_fd);
bundle_eof = 1;
}
* netif_set_mtu - set the MTU on the PPP network interface.
*/
void
-netif_set_mtu(int unit, int mtu)
+ppp_set_mtu(int unit, int mtu)
{
struct ifreq ifr;
* netif_get_mtu - get the MTU on the PPP network interface.
*/
int
-netif_get_mtu(int unit)
+ppp_get_mtu(int unit)
{
struct ifreq ifr;
}
x = (pcomp? SC_COMP_PROT: 0) | (accomp? SC_COMP_AC: 0)
- | (sync_serial? SC_SYNC: 0);
+ | (ppp_sync_serial()? SC_SYNC: 0);
modify_flags(ppp_fd, SC_COMP_PROT|SC_COMP_AC|SC_SYNC, x);
}
/********************************************************************
*
- * ppp_available - check whether the system has any ppp interfaces
+ * ppp_check_kernel_support - check whether the system has any ppp interfaces
* (in fact we check whether we can do an ioctl on ppp0).
*/
-int ppp_available(void)
+int ppp_check_kernel_support(void)
{
int s, ok, fd;
struct ifreq ifr;
get_host_seed(void)
{
int h;
- char *p = hostname;
+ const char *p;
h = 407;
for (p = hostname; *p != 0; ++p)
sys_check_options(void)
{
if (demand && driver_is_old) {
- option_error("demand dialling is not supported by kernel driver "
+ ppp_option_error("demand dialling is not supported by kernel driver "
"version %d.%d.%d", driver_version, driver_modification,
driver_patch);
return 0;
* get_time - Get current time, monotonic if possible.
*/
int
-get_time(struct timeval *tv)
+ppp_get_time(struct timeval *tv)
{
/* Old glibc (< 2.3.4) does define CLOCK_MONOTONIC, but kernel may have it.
* Runtime checking makes it safe. */
#include <pcap.h>
#endif
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
#include "lcp.h"
#include "ipcp.h"
* sys_close - Clean up in a child process before execing.
*/
void
-sys_close(void)
+ppp_sys_close(void)
{
close(ipfd);
#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
#endif
/*
- * ppp_available - check whether the system has any ppp interfaces
+ * ppp_check_kernel_support - check whether the system has any ppp interfaces
*/
int
-ppp_available(void)
+ppp_check_kernel_support(void)
{
struct stat buf;
/* Push the async hdlc module and the compressor module. */
tty_npushed = 0;
- if(!sync_serial) {
+ if(!ppp_sync_serial()) {
if (ioctl(fd, I_PUSH, AHDLC_MOD_NAME) < 0) {
error("Couldn't push PPP Async HDLC module: %m");
return -1;
struct termiox tiox;
#endif
- if (!sync_serial && tcgetattr(fd, &tios) < 0)
+ if (!ppp_sync_serial() && tcgetattr(fd, &tios) < 0)
fatal("tcgetattr: %m");
#ifndef CRTSCTS
termiox_ok = 1;
- if (!sync_serial && ioctl (fd, TCGETX, &tiox) < 0) {
+ if (!ppp_sync_serial() && ioctl (fd, TCGETX, &tiox) < 0) {
termiox_ok = 0;
if (errno != ENOTTY)
error("TCGETX: %m");
#ifndef CRTSCTS
inittermiox = tiox;
#endif
- if (!sync_serial)
+ if (!ppp_sync_serial())
ioctl(fd, TIOCGWINSZ, &wsinfo);
}
* We can't proceed if the serial port speed is 0,
* since that implies that the serial port is disabled.
*/
- if ((speed == B0) && !sync_serial)
+ if ((speed == B0) && !ppp_sync_serial())
fatal("Baud rate for %s is 0; need explicit baud rate", devnam);
}
- if (!sync_serial && tcsetattr(fd, TCSAFLUSH, &tios) < 0)
+ if (!ppp_sync_serial() && tcsetattr(fd, TCSAFLUSH, &tios) < 0)
fatal("tcsetattr: %m");
#ifndef CRTSCTS
- if (!sync_serial && termiox_ok && ioctl (fd, TCSETXF, &tiox) < 0){
+ if (!ppp_sync_serial() && termiox_ok && ioctl (fd, TCSETXF, &tiox) < 0){
error("TCSETXF: %m");
}
#endif
baud_rate = inspeed = baud_rate_of(speed);
- if (!sync_serial)
+ if (!ppp_sync_serial())
restore_term = 1;
}
*/
inittermios.c_lflag &= ~(ECHO | ECHONL);
}
- if (!sync_serial && tcsetattr(fd, TCSAFLUSH, &inittermios) < 0)
+ if (!ppp_sync_serial() && tcsetattr(fd, TCSAFLUSH, &inittermios) < 0)
if (!hungup && errno != ENXIO)
warn("tcsetattr: %m");
#ifndef CRTSCTS
- if (!sync_serial && ioctl (fd, TCSETXF, &inittermiox) < 0){
+ if (!ppp_sync_serial() && ioctl (fd, TCSETXF, &inittermiox) < 0){
if (!hungup && errno != ENXIO)
error("TCSETXF: %m");
}
#endif
- if (!sync_serial)
+ if (!ppp_sync_serial())
ioctl(fd, TIOCSWINSZ, &wsinfo);
restore_term = 0;
}
}
/*
- * netif_set_mtu - set the MTU on the PPP network interface.
+ * ppp_set_mtu - set the MTU on the PPP network interface.
*/
void
-netif_set_mtu(int unit, int mtu)
+ppp_set_mtu(int unit, int mtu)
{
struct ifreq ifr;
#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
/*
- * netif_get_mtu - get the MTU on the PPP network interface.
+ * ppp_get_mtu - get the MTU on the PPP network interface.
*/
int
-netif_get_mtu(int unit)
+ppp_get_mtu(int unit)
{
struct ifreq ifr;
error("Couldn't set MTU: %m");
}
if (fdmuxid >= 0) {
- if (!sync_serial) {
+ if (!ppp_sync_serial()) {
if (strioctl(pppfd, PPPIO_XACCM, &asyncmap, sizeof(asyncmap), 0) < 0)
error("Couldn't set transmit ACCM: %m");
}
void
tty_set_xaccm(ext_accm accm)
{
- if (sync_serial)
+ if (ppp_sync_serial())
return;
if (fdmuxid >= 0
error("Couldn't set MRU: %m");
}
if (fdmuxid >= 0) {
- if (!sync_serial) {
+ if (!ppp_sync_serial()) {
if (strioctl(pppfd, PPPIO_RACCM, &asyncmap, sizeof(asyncmap), 0) < 0)
error("Couldn't set receive ACCM: %m");
}
{
struct ppp_stats s;
- if (!sync_serial &&
+ if (!ppp_sync_serial() &&
strioctl(pppfd, PPPIO_GETSTAT, &s, 0, sizeof(s)) < 0) {
error("Couldn't get link statistics: %m");
return 0;
pfd.events = POLLIN | POLLPRI;
do {
n = poll(&pfd, 1, 1000);
- } while (n == -1 && errno == EINTR && !got_sigterm);
+ } while (n == -1 && errno == EINTR && !ppp_signaled(SIGTERM));
if (n <= 0)
return -1;
* get_time - Get current time, monotonic if possible.
*/
int
-get_time(struct timeval *tv)
+ppp_get_time(struct timeval *tv)
{
return gettimeofday(tv, NULL);
}
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <string.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "tls.h"
/**
#include <netinet/in.h>
#include <arpa/inet.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "lcp.h"
static int setspeed(char *, char **, int);
static int setxonxoff(char **);
static int setescape(char **);
-static void printescape(option_t *, void (*)(void *, char *,...),void *);
+static void printescape(struct option *, void (*)(void *, char *,...),void *);
static void finish_tty(void);
static int start_charshunt(int, int);
static void stop_charshunt(void *, int);
struct stat devstat; /* result of stat() on devnam */
/* option variables */
+char devnam[MAXPATHLEN]; /* Device name */
+char ppp_devname[MAXPATHLEN];/* name of PPP tty (maybe ttypx) */
int crtscts = 0; /* Use hardware flow control */
int stop_bits = 1; /* Number of serial port stop bits */
bool modem = 1; /* Use modem control lines */
u_int32_t xmit_accm[8]; /* extended transmit ACCM */
/* option descriptors */
-option_t tty_options[] = {
+static struct option tty_options[] = {
/* device name must be first, or change connect_tty() below! */
{ "device name", o_wild, (void *) &setdevname,
"Serial port device name",
&tty_close_fds
};
+bool
+ppp_sync_serial()
+{
+ return sync_serial;
+}
+
+bool
+ppp_get_modem()
+{
+ return modem;
+}
+
+void
+ppp_set_modem(bool on)
+{
+ modem = on;
+}
+
+bool
+ppp_using_pty()
+{
+ return using_pty;
+}
+
+int
+ppp_set_pppdevnam(const char *name)
+{
+ if (name) {
+ return strlcpy(ppp_devname, name, sizeof(ppp_devname));
+ }
+ return -1;
+}
+
+const char *
+ppp_pppdevnam()
+{
+ return ppp_devname;
+}
+
+const char *
+ppp_devnam()
+{
+ return devnam;
+}
+
+int
+ppp_set_devnam(const char *name)
+{
+ if (name) {
+ return strlcpy(devnam, name, sizeof(devnam));
+ }
+ return -1;
+}
+
+
/*
* setspeed - Set the serial port baud rate.
* If doit is 0, the call is to check whether this option is
if (stat(cp, &statbuf) < 0) {
if (!doit)
return errno != ENOENT;
- option_error("Couldn't stat %s: %m", cp);
+ ppp_option_error("Couldn't stat %s: %m", cp);
return 0;
}
if (!S_ISCHR(statbuf.st_mode)) {
if (doit)
- option_error("%s is not a character device", cp);
+ ppp_option_error("%s is not a character device", cp);
return 0;
}
while (*p) {
n = strtol(p, &endp, 16);
if (p == endp) {
- option_error("escape parameter contains invalid hex number '%s'",
+ ppp_option_error("escape parameter contains invalid hex number '%s'",
p);
return 0;
}
p = endp;
if (n < 0 || n == 0x5E || n > 0xFF) {
- option_error("can't escape character 0x%x", n);
+ ppp_option_error("can't escape character 0x%x", n);
ret = 0;
} else
xmit_accm[n >> 5] |= 1 << (n & 0x1F);
}
static void
-printescape(option_t *opt, void (*printer)(void *, char *, ...), void *arg)
+printescape(struct option *opt, void (*printer)(void *, char *, ...), void *arg)
{
int n;
int first = 1;
*/
void tty_init(void)
{
- add_notifier(&pidchange, maybe_relock, 0);
+ ppp_add_notify(NF_PID_CHANGE, maybe_relock, 0);
the_channel = &tty_channel;
xmit_accm[3] = 0x60000000;
}
if (default_device) {
char *p;
if (!isatty(0) || (p = ttyname(0)) == NULL) {
- option_error("no device specified and stdin is not a tty");
+ ppp_option_error("no device specified and stdin is not a tty");
exit(EXIT_OPTION_ERROR);
}
strlcpy(devnam, p, MAXPATHLEN);
int fdflags;
if (demand && notty) {
- option_error("demand-dialling is incompatible with notty");
+ ppp_option_error("demand-dialling is incompatible with notty");
exit(EXIT_OPTION_ERROR);
}
if (demand && connect_script == 0 && ptycommand == NULL
&& pty_socket == NULL) {
- option_error("connect script is required for demand-dialling\n");
+ ppp_option_error("connect script is required for demand-dialling\n");
exit(EXIT_OPTION_ERROR);
}
/* default holdoff to 0 if no connect script has been given */
if (using_pty) {
if (!default_device) {
- option_error("%s option precludes specifying device name",
+ ppp_option_error("%s option precludes specifying device name",
pty_socket? "socket": notty? "notty": "pty");
exit(EXIT_OPTION_ERROR);
}
if (ptycommand != NULL && notty) {
- option_error("pty option is incompatible with notty option");
+ ppp_option_error("pty option is incompatible with notty option");
exit(EXIT_OPTION_ERROR);
}
if (pty_socket != NULL && (ptycommand != NULL || notty)) {
- option_error("socket option is incompatible with pty and notty");
+ ppp_option_error("socket option is incompatible with pty and notty");
exit(EXIT_OPTION_ERROR);
}
default_device = notty;
* Get a pty master/slave pair if the pty, notty, socket,
* or record options were specified.
*/
- strlcpy(ppp_devnam, devnam, MAXPATHLEN);
+ strlcpy(ppp_devname, devnam, MAXPATHLEN);
pty_master = -1;
pty_slave = -1;
real_ttyfd = -1;
if (using_pty || record_file != NULL) {
- if (!get_pty(&pty_master, &pty_slave, ppp_devnam, uid)) {
+ if (!get_pty(&pty_master, &pty_slave, ppp_devname, uid)) {
error("Couldn't allocate pseudo-tty");
- status = EXIT_FATAL_ERROR;
+ ppp_set_status(EXIT_FATAL_ERROR);
return -1;
}
set_up_tty(pty_slave, 1);
/*
* Lock the device if we've been asked to.
*/
- status = EXIT_LOCK_FAILED;
+ ppp_set_status(EXIT_LOCK_FAILED);
if (lockflag && !privopen) {
if (lock(devnam) < 0)
goto errret;
if (prio < OPRIO_ROOT && seteuid(uid) == -1) {
error("Unable to drop privileges before opening %s: %m\n",
devnam);
- status = EXIT_OPEN_FAILED;
+ ppp_set_status(EXIT_OPEN_FAILED);
goto errret;
}
real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
errno = err;
if (err != EINTR) {
error("Failed to open %s: %m", devnam);
- status = EXIT_OPEN_FAILED;
+ ppp_set_status(EXIT_OPEN_FAILED);
}
if (!persist || err != EINTR)
goto errret;
* If the pty, socket, notty and/or record option was specified,
* start up the character shunt now.
*/
- status = EXIT_PTYCMD_FAILED;
+ ppp_set_status(EXIT_PTYCMD_FAILED);
if (ptycommand != NULL) {
if (record_file != NULL) {
int ipipe[2], opipe[2], ok;
if (initializer && initializer[0]) {
if (device_script(initializer, ttyfd, ttyfd, 0) < 0) {
error("Initializer script failed");
- status = EXIT_INIT_FAILED;
+ ppp_set_status(EXIT_INIT_FAILED);
goto errretf;
}
if (got_sigterm) {
if (connector && connector[0]) {
if (device_script(connector, ttyfd, ttyfd, 0) < 0) {
error("Connect script failed");
- status = EXIT_CONNECT_FAILED;
+ ppp_set_status(EXIT_CONNECT_FAILED);
goto errretf;
}
if (got_sigterm) {
break;
if (errno != EINTR) {
error("Failed to reopen %s: %m", devnam);
- status = EXIT_OPEN_FAILED;
+ ppp_set_status(EXIT_OPEN_FAILED);
}
if (!persist || errno != EINTR || hungup || got_sigterm)
goto errret;
}
slprintf(numbuf, sizeof(numbuf), "%d", baud_rate);
- script_setenv("SPEED", numbuf, 0);
+ ppp_script_setenv("SPEED", numbuf, 0);
/* run welcome script, if any */
if (welcomer && welcomer[0]) {
{
int cpid, ret;
- cpid = safe_fork(ifd, ofd, (log_to_fd >= 0? log_to_fd: 2));
+ cpid = ppp_safe_fork(ifd, ofd, (log_to_fd >= 0? log_to_fd: 2));
if (cpid == -1) {
error("Can't fork process for character shunt: %m");
return 0;
pty_readable = stdin_readable = 1;
ilevel = olevel = 0;
- get_time(&levelt);
+ ppp_get_time(&levelt);
if (max_data_rate) {
max_level = max_data_rate / 10;
if (max_level < 100)
int nbt;
struct timeval now;
- get_time(&now);
+ ppp_get_time(&now);
dt = (now.tv_sec - levelt.tv_sec
+ (now.tv_usec - levelt.tv_usec) / 1e6);
nbt = (int)(dt * max_data_rate);
#include <stdio.h>
#include <string.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "upap.h"
/*
* Command-line options.
*/
-static option_t pap_option_list[] = {
+static struct option pap_option_list[] = {
{ "hide-password", o_bool, &hide_password,
"Don't output passwords to log", OPT_PRIO | 1 },
{ "show-password", o_bool, &hide_password,
int us_passwdlen; /* Password length */
int us_clientstate; /* Client state */
int us_serverstate; /* Server state */
- u_char us_id; /* Current id */
+ unsigned char us_id; /* Current id */
int us_timeouttime; /* Timeout (seconds) for auth-req retrans. */
int us_transmits; /* Number of auth-reqs sent */
int us_maxtransmits; /* Maximum number of auth-reqs to send */
extern struct protent pap_protent;
+typedef int (pap_check_hook_fn)(void);
+typedef int (pap_auth_hook_fn)(char *user, char *passwd, char **msgp,
+ struct wordlist **paddrs,
+ struct wordlist **popts);
+typedef void (pap_logout_hook_fn)(void);
+typedef int (pap_passwd_hook_fn)(char *user, char *passwd);
+
+/*
+ * This function will return a value of 1 to indicate that a plugin intent to
+ * supply a username or a password through the pap_auth_hook callback.
+ *
+ * A return value of > 0 will avoid parsing pap-secrets file.
+ */
+extern pap_check_hook_fn *pap_check_hook;
+
+/*
+ * This hook is used to check if a username and password matches against the
+ * PAP secrets.
+ */
+extern pap_auth_hook_fn *pap_auth_hook;
+
+/*
+ * Hook for plugin to know about PAP user logout.
+ */
+extern pap_logout_hook_fn *pap_logout_hook;
+
+/*
+ * A plugin can chose to supply its own user and password overriding what
+ * previously has been configured. Hook is only valid when pppd is acting
+ * as a client
+ */
+extern pap_passwd_hook_fn *pap_passwd_hook;
+
#endif // PPP_UPAP_H
#include <sys/mkdev.h>
#endif
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
#include "lcp.h"
#include "pathnames.h"
for (done = 0; done < count; ) {
nb = read(fd, ptr, count - done);
if (nb < 0) {
- if (errno == EINTR && !got_sigterm)
+ if (errno == EINTR && !ppp_signaled(SIGTERM))
continue;
return -1;
}
projects / ppp.git / commitdiff